Apple has issued threat notifications to iPhone users in over 150 countries [3] [9], warning them of potential mercenary spyware attacks targeting individuals based on their identity or activities [2].


These alerts [2] [4] [8], delivered via email [2], iMessage [2], and the Apple ID sign-in page [2], are sent within two days of detection and do not disclose the attackers’ identities or specific countries affected. Since 2021, Apple has been actively detecting and notifying users of such attacks, with victims in India and 91 other countries being notified [5]. Last October [2] [8], warnings were issued to journalists and politicians in India [2], where the NSO Group’s Pegasus spyware was found on iPhones [2] [8]. Amnesty International confirmed the use of the NSO Group’s Pegasus spyware in these attacks. Indian authorities denied involvement but reportedly pressured Apple to provide alternative explanations to mitigate political backlash [1]. These attacks are described as “mercenary spyware attacks” and are considered highly sophisticated and rare [2], often state-sponsored and aiming to remotely compromise the device [5]. Apple urges affected users to take the threat notifications seriously and seek expert help from organizations like the Digital Security Helpline for emergency security assistance. Users can verify the notifications by signing into The attacks, known as mercenary spyware attacks [2] [3] [5] [7] [9], aim to remotely compromise iPhones and are typically carried out by nation states against specific individuals such as journalists [7], activists [2] [3] [5] [6] [7] [8] [9], politicians [1] [2] [3] [5] [6] [7] [8] [9], and diplomats [7]. The attacks are advanced and complex [7], using zero-day exploits and self-destruct mechanisms to evade detection [7]. The NSO Group’s Pegasus spyware is a well-known tool used in such attacks [7], though the company claims it is only sold to intelligence and law enforcement agencies [7]. Apple has sued the NSO Group for its role in state-sponsored attacks and has released bug fixes to address vulnerabilities exploited by Pegasus [7]. If Apple determines that you are a potential victim of a mercenary spyware attack [7], you will receive an email [7], text message [7], and a threat notification on your Apple ID page [7]. To protect against such attacks [7], Apple recommends using a passcode [7], enabling two-factor authentication [7], updating to the latest OS version [7], installing apps only from the App Store [7], using strong passwords [7], and avoiding clicking on links or attachments from unknown senders [7]. Additionally, turning on Lockdown Mode can help prevent spyware from stealing sensitive data [7], and seeking assistance from security experts such as the Digital Security Helpline at Access Now is advised in the event of an attack [7]. Apple has issued a warning to iPhone users in 92 countries about potential mercenary spyware attacks [3] [8], targeting them specifically [8] [9]. The attackers’ identity and countries of concern were not disclosed [8], but sources suggest users in India are among those affected [8]. This alert follows a previous warning to journalists [8], activists [2] [3] [5] [6] [7] [8] [9], and politicians in India last October [8], where NSO Group’s Pegasus spyware was found on their iPhones [2] [8]. Apple sends similar warnings to users worldwide multiple times a year [8], citing the sophistication and global nature of these attacks as major concerns [8]. Users are advised to put their device on Lockdown Mode and seek expert cybersecurity help [3], and consider using an iPhone VPN for added protection [3], especially if they work in a country with limited digital freedoms [3]. Apple has notified iPhone users in 92 countries [9], including politicians [2] [6] [8], activists [2] [3] [5] [6] [7] [8] [9], and journalists [2] [3] [4] [5] [6] [7] [8] [9], of being targeted by spyware in individually tailored attacks. The notifications warn of mercenary spyware attempting to compromise iPhones associated with Apple IDs [9], targeting users based on their identities or activities [2]. Apple does not disclose how threats are detected to prevent attackers from adapting their behavior [9]. Users are advised to seek tailored security advice from third-party experts [9], such as the Digital Security Helpline [7] [8] [9]. Apple has previously warned of state-sponsored spyware attacks [9], including the use of NSO Group’s Pegasus spyware [9], but the latest notifications do not mention state sponsorship [9]. Individually targeted attacks of high cost and complexity are typically associated with state actors or private companies developing spyware on their behalf [9].


These mercenary spyware attacks pose a significant threat to individuals’ privacy and security, especially those in sensitive roles such as journalists, activists [2] [3] [5] [6] [7] [8] [9], politicians [1] [2] [3] [5] [6] [7] [8] [9], and diplomats [7]. Apple’s proactive approach in detecting and notifying users of such attacks is commendable, but users must remain vigilant and take necessary precautions to protect their devices and data. Seeking assistance from cybersecurity experts and following Apple’s recommendations for securing devices are crucial steps in mitigating the risks posed by these sophisticated attacks. As technology continues to advance, it is essential for individuals and organizations to stay informed and proactive in safeguarding against emerging threats like mercenary spyware attacks.