Skip links

Apple stops warning of ‘state-sponsored’ attacks, now alerts about ‘mercenary spyware’

Apple has made a significant change to the wording of its threat notifications, opting not to attribute attacks to a specific source or perpetrator, but categorizing them broadly as “mercenary spyware.”

With the revised verbiage, announced Wednesday, Apple is referring to the infection of devices with NSO Group’s Pegasus spyware and other similar software. The fruit cart cited public reporting and research as defining such spyware as having “historically been associated with state actors.”

Apple itself has run with that assumption and, since 2021, sent messages multiple times a year to users believed to be infected with the spyware. On Wednesday, it revealed individuals had received such notifications in over 150 countries (the UN recognizes 195 countries in the world, indicating that Apple devices – and the miscreants attacking them – have broad reach).

However, Cupertino will make a slight linguistic change it attributed to the difficulty associated with identification.

“The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks make them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions,” reasons the announcement flagging the change.

The shift away from hinted attribution coincides with the release of notifications across 92 countries – including India. According to Reuters, Apple told recipients that attackers attempted to “remotely compromise the iPhone.”

The media outlet linked the timing of Apple removing the phrase “state-sponsored” to repeated pressure from the Indian government.

Prime minister Narendra Modi’s government was accused of hacking into devices used by opposition politicians when a round of these notifications went out last October – giving the opposition fuel for criticism just before general elections kick off on April 19. Modi is vying for a third term as PM.

There is no direct proof either way whether Modi’s party is or isn’t responsible for attacks that utilize mercenary spyware, and warnings of “state-sponsored” attacks landing on Indians’ iThings could be a reference to states other than India. It’s a situation ripe for the abuse of the paradox of plausible deniability – particularly as the passing of laws that would tackle such scenarios in India drag on.

Apple called mercenary spyware attacks “exceptionally well funded” and detailed that they evolve over time. It declined to provide information about the evidence that sees it issue these threat notifications, as doing so could alert mercenary spyware attackers on how to avoid such behavior in the future.

“Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously,” the company’s document added.

Those who receive threat notifications are pointed toward internet censorship nonprofit Access Now for assistance. ®