Apple Warns of Series of Mercenary Spyware Attacks Targeting Users' Devices

Apple has issued a warning regarding highly sophisticated “mercenary spyware” attacks targeting a select group of its users.

The company’s threat notification system is designed to alert and support individuals who may have been targeted due to their profession or public profile, such as journalists, activists, politicians, and diplomats, CERT-FR said.

These attacks are far more complex and resourceful than typical cybercriminal activities. Mercenary spyware campaigns are exceptionally well-funded, costing millions of dollars, and are engineered to target a select few specific individuals.

Due to their sophistication and often short lifespan, they are challenging to detect and prevent. Historically, these types of advanced, targeted attacks have been linked to state actors or private firms that develop spyware on their behalf.

Notable examples of such spyware include Pegasus from the NSO Group, as well as Predator, Graphite, and Triangulation. Although only a small number of people are targeted, these attacks are ongoing and have a global scope.

Since 2021, Apple has sent threat notifications to users in over 150 countries, highlighting the widespread nature of this threat. Due to the extreme cost and complexity of these operations, Apple does not attribute the attacks to specific entities or geographic locations.

How Apple Notifies Targeted Users

When Apple’s internal threat intelligence detects activity consistent with a mercenary spyware attack, it alerts the targeted user through two primary methods:

  • A Threat Notification banner appears at the top of the page when the user signs in to their account.apple.com portal.
  • An email and iMessage notification is sent to the contact points associated with the user’s Apple Account.

These official notifications will never ask a user to click on links, open files, install applications, or provide their Apple Account password or verification code.

To confirm a notification’s authenticity, users should sign in directly to their Apple Account. Apple strongly urges anyone who receives a threat notification to take it very seriously and seek expert assistance.

The company recommends contacting the Digital Security Helpline, a service provided by the non-profit organization Access Now, which offers rapid-response emergency security support.

For those notified, it is crucial to avoid making changes to the device, such as resetting it or deleting apps, as this could hinder forensic investigations.

For added protection, especially for those who have been notified or believe they are at high risk, Apple recommends enabling Lockdown Mode on their devices.

This feature enhances security by restricting certain functionalities that could be exploited.

For all users, Apple reiterates the importance of following general cybersecurity best practices:

  • Keep devices updated with the latest software.
  • Protect devices with a strong passcode.
  • Use two-factor authentication for your Apple Account.
  • Install applications exclusively from the App Store.
  • Use strong, unique passwords for online accounts.
  • Avoid clicking on links or attachments from unknown senders.

While the vast majority of users will never be the target of such sophisticated attacks, adhering to these security measures provides a strong defense against more common cyber threats.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.