Alert: Apple warns of "mercenary spyware attack" on users in over 90 countries, here's what to do
There are reports that users in India and 91 other countries have received a warning from Apple. In the threat notification message, Apple says the users were possible victims of a "mercenary spyware attack".
The company discovered that attackers tried to "remotely compromise the iPhone," Apple said in the notification email seen by Reuters.
"ALERT: Apple detected a targeted mercenary spyware attack against your iPhone," reads the subject line of the threat notification, a copy of which has been seen by The Indian Express.
"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning – please take it seriously," the notification email adds.
Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone. To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple has sent you a threat notification, it will be clearly visible at the top of the page after you have signed in.
Preventing mercenary spyware attacks
If you have received an Apple threat notification, Apple strongly suggests that you enlist expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the non-profit Access Now.
Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, 7 days a week through their website. Outside organizations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice.
All users should continue to protect themselves from general cybercriminals and consumer malware by following best practices for security:
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don’t click on links or attachments from unknown senders
If you have not received an Apple threat notification but have good reason to believe you may be individually targeted by mercenary spyware attacks, you can enable Lockdown Mode on your Apple devices for additional protection. If you require emergency cybersecurity assistance for other reasons, the Consumer Reports Security Planner website offers a list of emergency resources that may be able to assist you.
Why mercenary spyware attacks are dangerous
Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks.
That's what a newly-published "About Apple threat notifications and protecting against mercenary spyware" support page on Apple's site says.
The page states that such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.
Though deployed against a very small number of individuals – often journalists, activists, politicians and diplomats – mercenary spyware attacks are ongoing and global.
Since 2021, Apple has sent threat notifications multiple times a year as they have detected these attacks, and to date they have notified users in over 150 countries in total. The extreme cost, sophistication and worldwide nature of mercenary spyware attacks make them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.
If Apple detects activity consistent with a mercenary spyware attack, they notify the targeted users in two ways:
- A Threat Notification will be displayed at the top of the page after the user has signed in to appleid.apple.com.
- Apple will send an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
These notifications will provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode.
Mercenary spyware attacks are exceptionally well funded and they evolve over time. Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although its investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously.