View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Apple warns users in 92 countries that they are targets for “mercenary spyware attack”

Apple warned iPhone users in a threat notification that their device was at risk of being compromised by an as-yet unknown third party. 

By Greg Noone

Apple has warned iPhone users in 92 countries that their device is at risk of being compromised by a “mercenary spyware attack.” Sent yesterday to consumers at 20:00 GMT, the notification did not identify the third party or parties responsible or the possible consequence of the attack upon individuals or wider networks. Tech Monitor has reached out to Apple for comment. 

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” read the warning. “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning – please take it seriously.”

A woman holding an iPhone, used to illustrate a story about Apple's warning users about a mercenary spyware attack.
Apple has issued a threat notification to users across 92 countries warning of a “mercenary spyware attack” that could compromise the security of their iPhone device. (Photo by chainarong06 / Shutterstock)

Apple “mercenary spyware attack” not the first

Apple has sent threat notifications of this type to users in the past, though rarely on this geographical scale. These warnings, it says on a separate support page, are primarily designed to thwart “targeted attacks” against civil society figures like journalists, politicians, diplomats and activists by state actors. Apple recommends that all users who receive such notifications should update their devices to receive the latest security fixes available, as well as to practice strong cyber hygiene. 

According to Apple, a mercenary spyware attack is typically associated with state actors using malware designed by private companies like the creator of the notorious ‘Pegasus’ spyware, NSO Group. Discovered in 2016, Pegasus spyware and other strains like it can remotely extract multimedia from an infected phone and monitor its camera and microphone even when the device appears to be off. Though it remains difficult to definitively attribute breaches associated with this type of malware to a specific government or group, said the firm, “Apple threat notifications are high-confidence alerts” based on internal threat intelligence assessments and investigations. 

Pegasus infections continue

Though Apple has issued several threat notifications a year since 2021 across 150 countries, the geographic scale of its latest alert is unusual. The last notable alert was issued in October 2023, when Apple sent threat notifications to an unknown number of politicians in India. This immediately led to allegations from the opposition Congress Party that the government was spying on leading opposition figures. India’s minister for IT, Ashwini Vaishnaw, denied the accusations, stating that the government was investigating the matter and describing the threat notifications as “vague.”

Promoted by NSO Group as a crimefighting tool, Pegasus has been more closely associated with political repression and spying by authoritarian governments and law enforcement agencies since its development in 2011. Though banned in some countries, infections continue to be discovered. In February, for example, two members of a European Parliament defence subcommittee were targeted by Pegasus software by an unknown third party. Apple itself was forced to issue an emergency software update in September 2023, when it was revealed that Pegasus could be injected into iPhones remotely using a zero-day vulnerability in its iOS operating system. 

Read more: EU fines Apple €1.84bn following Spotify anti-competition claims

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.