Though rare and typically sent only to targeted individuals, mercenary spyware attacks being used across 92 countries are designed to remotely compromise an iPhone

Bangalore: Apple is sounding alarm bells over a wave of sophisticated and destructive spyware attacks against specific people across 92 countries. As reported by The Economic Times, Apple sent an email warning individuals in the crosshairs that they were "being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone."

The email explained that the attacks are targeting people specifically because of who they are or what they do. Though the email said that Apple couldn't be absolutely certain when detecting such attacks, the company had high confidence in the warning and urged people to take it seriously.

Apple also updated its support page on threat notifications and mercenary spyware. The page explains how mercenary spyware attacks work, how Apple will alert its users if they're the victims of such an attack, and what to do if you're targeted by this kind of attack.

So just what is a mercenary spyware attack, and should the average iPhone user be concerned? On the one hand, most iPhone users will never be targeted by these types of attacks. On the other hand, such an attack could prove devastating for you since the attacker could remotely control and steal sensitive data from your device.

Typically carried out by, or on behalf of, nation states, such attacks are usually launched against individuals with specific roles in society, such as journalists, activists, politicians, and diplomats. The goal is often to strike back at someone because of what they did or said, especially if it runs afoul of a government or political leader or other type of authority.

More advanced and complex than your average cybercrime, a mercenary spyware attack usually targets a small number of people. The attacks can still cost millions of dollars, according to Apple, and are often short lived, creating a challenge for anyone attempting to detect and stop them. Though these attacks are rare, Apple has sent out threat notifications multiple times per year since 2021, notifying people in more than 150 countries.

"It's really important to recognize that mercenary spyware, unlike others, is deliberately designed with advanced capabilities, including zero-day exploits, complex obfuscation techniques, and self-destruct mechanisms, making it highly effective and hard to detect," Krishna Vishnubhotla, VP of Product Strategy at mobile security provider Zimperium, told ZDNET. "Operating in stealth is key to its success. The developers of mercenary spyware go to great lengths to remove any clues that might link the software back to them or their clients."

Probably the best known spyware for these types of attacks is Israel-based NSO Group's Pegasus, which has been used in mercenary spyware campaigns against noted journalists, politicians, and other individuals. The NSO Group typically skirts any responsibility, claiming that the firm sells Pegasus only to intelligence and law enforcement agencies and that Pegasus can only be used against terrorists and criminals.

Apple and other companies have nevertheless sued the NSO Group for its role in state-sponsored attacks. Apple has also been forced to create and deploy bug fixes for the iPhone, iPad, Mac, and Apple Watch to shore up vulnerabilities exploited by Pegasus.