Historically linked to state actors such as the Pegasus spyware created by the Israeli firm NSO Group, Apple did not reveal any names for the most recent attacks.
Apple has sent out threat notifications to individuals across the world who may have been individually targeted by mercenary spyware attacks.
In a support updated published yesterday (10 April), Apple said the threat notifications are designed to “inform and assist” those who may have been affected. Usually, these high-profile individuals are journalists, activists, politicians or diplomats.
Apple did not reveal the names of any groups responsible for the mercenary spyware attacks, nor did it reveal the countries in which these notifications were issued. It just said that such attacks are “vastly more complex” than regular cybercriminal activity and consumer malware.
“Mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent,” the company wrote.
IMPORTANT: has @Apple recently sent you a #MercenarySpyware threat notification?
This is serious. Seek expert help.
If you're a journalist, activist, dissident, academic, etc. etc: ✅contact the @accessnow Digital Security Helpline.https://t.co/isU1TjWFai
— John Scott-Railton (@jsrailton) April 10, 2024
Apple also noted that while serious in nature, the “vast majority” of users will never be targeted by such attacks. Even so, individuals across 92 countries received Apple’s threat notifications yesterday, according to TechCrunch.
The company also said that state actors, or those creating mercenary spyware on behalf of them – such as Pegasus of the NSO Group – have been behind “individually targeted attacks” of such “exceptional” cost and complexity in the past.
“Though deployed against a very small number of individuals – often journalists, activists, politicians and diplomats – mercenary spyware attacks are ongoing and global,” Apple wrote.
Since 2021, Apple has sent threat notifications multiple times a year to users in more than 150 countries in total.
“The extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”
Last September, Apple released an urgent security update that patched zero-day vulnerabilities related to Pegasus spyware. Digital watchdog Citizen Lab said it identified the flaw while checking a Washington DC-based civil society organisation employee’s Apple device.
Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.