What are spyware threat notifications
Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks.These threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do.
What are mercenary spyware attacks
Mercenary spyware attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks. The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.
Who are likely targets of mercenary spyware attacks
According to Apple, “…public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group. Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total.”
How Apple sends these notifications
If Apple detects activity consistent with a mercenary spyware attack, we notify the targeted users in two ways:
1. A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
2. Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
These notifications provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode.
What should users who have recieved these notifications do
If you have received an Apple threat notification, Apple says on its page: “We strongly suggest you enlist expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website. Outside organizations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice.”