Apple Warns of Mercenary Spyware Attacks Targeting User Devices

Apple has issued urgent warnings about sophisticated spyware attacks targeting specific users worldwide, including journalists, activists, politicians, and diplomats.

Mercenary spyware attacks differ significantly from regular cybercriminal activity.

These attacks cost millions of dollars and target only a small number of individuals based on their profession or status.

The attacks are often linked to state actors and private companies like NSO Group, which develops the notorious Pegasus spyware.

Since 2021, Apple has sent threat notifications to users in over 150 countries who may have been targeted by these sophisticated attacks.

The company detects these threats through internal intelligence and investigation methods, though it cannot achieve absolute certainty in its assessments.

How Apple Notifies Targeted Users

When Apple detects suspicious activity consistent with mercenary spyware attacks, it alerts users through two methods.

First, a threat notification appears at the top of the page when users sign into their Apple account at account.apple.com. Second, Apple sends both email and iMessage notifications to addresses associated with the user’s Apple Account.

Users receiving Apple threat notifications should take the alerts very seriously.

Apple recommends contacting expert help immediately, such as the Digital Security Helpline provided by Access Now, which offers 24/7 emergency security assistance specifically for Apple threat notification recipients.

Important security measures include avoiding any modifications to affected devices, such as resets, app deletions, updates, or restarts, as these actions may interfere with investigations. Users should also preserve the original notification email from Apple.

Apple recommends enabling Lockdown Mode for additional protection against sophisticated attacks.

This extreme security feature significantly limits device functionality by restricting apps, websites, and features to provide maximum protection against advanced threats.

Additional protective measures include keeping devices updated with the latest software, using strong passcodes, enabling two-factor authentication, installing apps only from the App Store, and avoiding suspicious links or attachments from unknown senders.

Organizations should provide dedicated devices for professional use and maintain heightened awareness of emails from Apple’s threat notification addresses.

During sensitive meetings, electronic devices should be kept outside the meeting room to prevent potential surveillance.

The French cybersecurity agency CERT-FR has documented multiple notification campaigns in 2025, occurring on March 5, April 29, June 25, and September 3, highlighting the ongoing nature of these threats.

Legitimate Apple threat notifications never ask users to click links, open files, install applications, or provide passwords via email or phone.

Users can verify genuine notifications by signing into account.apple.com, where real alerts will be clearly visible at the top of the page.

The sophisticated nature of these attacks, combined with their exceptional funding and evolving techniques, makes them extremely difficult to detect and prevent.

Apple’s proactive notifications serve as a crucial early warning system for individuals who may be at risk from these state-sponsored cyber threats.
