In late March Patently Apple posted a report titled Apple Users being Targeted with Multi-Factor Authentication Bombing Attacks." Today, a new report states that Apple has warned its users overnight in India and ninety-one other countries that they were possible victims of a "mercenary spyware attack", according to a threat notification email that was sent to targeted users.

The company discovered that attackers tried to "remotely compromise the iPhone", Apple said in the notification email seen by Reuters.

Mercenary spyware attacks are rare and vastly more sophisticated than regular cybercriminal activity or malware, according to the notification email.

In October 20223, some Indian lawmakers shared screenshots on social media of a notification quoting the iPhone manufacturer as saying: "Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID". Reuters

About Apple threat notifications and protecting against mercenary spyware

Apple's support page on this matter states that "Mercenary spyware attacks are exceptionally well funded, and they evolve over time. Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously. We are unable to provide information about what causes us to issue threat notifications, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.

Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone. To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in.

If you have received an Apple threat notification

Apple strongly suggests that you enlist expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website. Outside organizations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice. For more, read Apple's warning on Mercenary Spyware.