Apple sends out iPhone spyware warnings in 92 countries: What you need to know

The company said the attacks often target journalists, activists, politicians and diplomats


Apple has issued threat notifications to users in about 92 countries, alerting them to potential spyware attacks by mercenary groups, which could lead to iPhone hacks.

The iPhone manufacturer said the specific victims are selected for attack possibly because of who they are or what they do.

The company said its threat notifications are “high-confidence alerts” that a user has been individually chosen by a mercenary spyware attack, and should be taken very seriously.

The National looks at Apple’s latest warning and explores the severity of an attack.

What does Apple's warning say?

In its warning, Apple clearly said the mercenary spyware attack is trying to remotely compromise the victim’s iPhone.

However, Apple did not divulge many details, as doing so could alert the culprits and allow them to change the nature of the attack.

“We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behaviour to evade detection in the future,” Apple said.

“While Apple has not disclosed many details about the attack, it is reasonable to assume this targeted breach is an identity based attack aimed to steal credentials and further their lateral movement into a user's electronic ecosystem,” Morey Haber, chief security adviser at technology firm BeyondTrust, told The National.

“The initial stages of such attacks are usually so targeted and personal that victims believe them and they are easily convinced to engage out of fear, desperation, or some other emotion based on the contents.”

Why are mercenary spyware attacks hard to detect?

Mercenary spyware attacks are usually backed by substantial funding, and they keep evolving over time, making it hard for security personnel to detect them at an early stage, according to cyber experts.

In this case, the Cupertino-based company relied solely on internal threat-intelligence information and investigations to detect such attacks.

It said these attacks are more complex than regular cybercriminal activity and consumer malware. Attackers use high-end technology and resources to target a very small number of specific individuals and their devices rather than launching a mass attack.

“Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent,” Apple said.

Who are the potential victims?

Apple said mercenary spyware attacks often target select high-profile individuals such as journalists, activists, politicians and diplomats. They are orchestrated by various entities, including private companies developing mercenary spyware on their behalf.

In its detailed threat update, Apple gave the example of Israeli cyber intelligence firm NSO Group, which developed the Pegasus spyware for spying on mobile phones and harvesting their data.

Since 2021, Apple has sent such threat notifications multiple times a year, notifying users in over 150 countries. However, it refrained from attributing them to any particular state actor or region.

“The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”

How is Apple informing users?

Affected users are informed through email or iMessage using the details linked with the user's Apple ID. A notification is also displayed at the top of the page after the user signs into appleid.apple.com.

The notifications also provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode.

What to do if you have received an Apple threat notification

Apple recommended that victims immediately contact the security experts at the Digital Security Helpline run by the non-profit Access Now. The helpline can be reached 24 hours a day, seven days a week through its website.

Outside organisations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice, the company said.

Why Apple replaced 'state-sponsored' with 'mercenary spyware attacks'

Apple previously labelled such attacks “state-sponsored”; it has now replaced all such mentions with “mercenary spyware attacks” when describing the perpetrators.

Apple's removal of the term state-sponsored comes after it repeatedly faced pressure from the Indian government over linking such breaches to state actors, Reuters reported.

India's opposition leaders have accused Prime Minister Narendra Modi's government of attempting to compromise their mobile phones following Apple's messages in October that warned of “state-sponsored” attacks.

Why are criminals targeting mobile devices?

For threat actors looking to target high-profile individuals, mobile devices have become one of the most vulnerable targets to compromise, industry analysts said.

Apple’s latest action of informing users that their devices may have been targeted is concerning, but it is encouraging to see the company taking measures to protect potentially impacted individuals, Scott Caveza, staff research engineer at cyber security firm Tenable, told The National.

“Mobile device exploits can fetch millions of dollars … with millions of dollars at play, one thing is certain, data is key and attackers, including nation states, are willing to invest heavily for exploits that can be used against high value targets and individuals.”

Tips for all users to safeguard their iPhone

  • Update devices to the latest software, as that includes the latest security fixes
  • Protect devices with a passcode
  • Use two-factor authentication and a strong password for Apple ID
  • Install apps only from the App Store
  • Use strong and unique passwords online
  • Don’t click on links or attachments from unknown senders
Updated: April 12, 2024, 9:49 AM