Urgent Security Advisory: Apple Raises Alarm Over Pegasus Spyware Targeting iPhones
On Wednesday, Apple issued threat notifications to users in 92 countries, alerting them to the possibility of being targeted by “mercenary spyware attacks.” This cautionary message arrives at a time when numerous nations are gearing up for crucial elections.
What you need to know
Apple updated the security notice on its website Wednesday, which states that threat notifications are “designed to inform and assist users who may have been individually targeted by mercenary spyware attacks.”
According to several Indian news outlets, including the Economic Times and the Indian Express, some iPhone users in the country received notifications from Apple alerting them of an attack “that is trying to remotely compromise the iPhone associated with your Apple ID.”
The notification informed the user they were likely being targeted specifically “because of who you are or what you do,” and urged them to take it “seriously.”
The reports do not name any individuals in India who received the notifications, but it comes just a week before the start of the country’s six-week general elections—the world’s largest democratic exercise.
Apple doesn’t include specific steps for users who have received the notifications, other than urging them to enlist help from cybersecurity experts.
BIG NUMBER
150. That’s the number of countries in which iPhone users have received threat notifications since 2021, the company said.
KEY BACKGROUND
In October, Apple sent out similar notifications to several prominent political leaders in India who represented opposition parties. Rahul Gandhi, the top leader of Congress—India’s main opposition party—told reporters he and several members of his and other opposition parties had received notifications that their iPhones were being targeted by “state-sponsored attackers.” At the time, Gandhi called out Prime Minister Narendra Modi’s government and accused them of carrying out the attack. Prominent activists and journalists who are critical of the Modi government also received the notification at the time. Apple confirmed it had sent out the notifications but said it had not attributed it to a “specific state-sponsored attacker.” In late December, Amnesty International said it had conducted a forensic investigation to confirm Apple’s findings and said NSO Group’s Pegasus spyware was used to carry out the attacks. Indian authorities publicly denied carrying out the attacks but, according to the Washington Post, they reportedly pressured Apple to “come up with alternative explanations for the warnings to users,” to ease the political fallout.
FURTHER READING
Apple warns users of “mercenary spyware” attack; India, 91 other countries impacted (Economic Times)
Apple warns some Indian users their iPhone may be bugged by Pegasus-type spyware (Indian Express)
Kenyan intelligence agency NIS has also been accused of using NSO Group’s Pegasus Spyware.
