Apple has issued a threat notification to users in 92 countries, warning them that they may have been an individual target of mercenary spyware attacks.
The company took to its support blog to explain its threat notifications are designed to inform users they may have been individually targeted by mercenary spyware attacks because of who they are or what they do. Notably, Apple states these attacks are "vastly more complex than regular cybercriminal activity and consumer malware" as mercenary spyware groups have "exception resources," and they target a small number of specific individuals and their devices.
Additionally, Apple says these mercenary groups apply "millions of dollars" to their hacking ventures, and they only have a "short shelf life," which makes them very hard to detect/prevent. Apple says that historically, these attacks can be traced back to state-sponsored groups or private companies performing the attacks on behalf of the state, and since 2021, the company has notified users in over 150 countries.
However, Apple has decided to refrain from naming any specific geographical regions due to the complexity, sophistication, and worldwide nature of these spyware attacks, hence the naming change to "mercenary spyware attacks."
"The extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today," writes Apple
Apple notifies users of a mercenary spyware attack by displaying a threat notification at the top of the page following the user signing into appleid.apple.com.
"Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously," adds Apple
Apple's guidance for all users
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don't click on links or attachments from unknown senders