Apple issued alerts to iPhone users in 92 countries on Wednesday, notifying them of potential spyware threats from mercenary groups.
The notifications were sent out at noon Pacific Time on Wednesday to users across the mentioned nations. The company refrained from disclosing the identities of the attackers or specifying the countries where users received the notifications.
In the notification sent to impacted users, Apple conveyed, “We have detected that you are the subject of a mercenary spyware attack attempting to remotely compromise the iPhone linked to your Apple ID.” The company stressed the gravity of the matter, indicating that the attack could be directed at individuals based on their identities or actions.
Apple routinely sends out such notifications multiple times a year and has been doing so since 2021, reaching users in over 150 countries, according to an updated Apple support page.
Notably, similar warnings were sent to journalists and politicians in India in October of the previous year. Subsequently, Amnesty International reported the discovery of invasive spyware, Pegasus, developed by the NSO Group, on the iPhones of prominent individuals in India. Users in India were among those who received Apple’s recent threat notifications, according to sources familiar with the matter.
The timing of these spyware alerts coincides with many nations preparing for elections, although Apple did not comment on this aspect in its notifications.
Apple refrained from providing detailed information about the reasons behind the notifications, citing the potential risk of aiding spyware attackers in evading detection in the future. The company previously described the attackers as “state-sponsored” but has now replaced such references with “mercenary spyware attacks.”
The company emphasized the rarity and sophistication of mercenary spyware attacks, such as those utilizing Pegasus from the NSO Group, compared to regular cybercriminal activity or consumer malware.
Apple stated that it relies solely on internal threat intelligence and investigations to detect such attacks, adding that while investigations cannot guarantee absolute certainty, the threat notifications are high-confidence alerts indicating individual targeting by mercenary spyware attacks and should be taken seriously.