Apple Alerts Prominent Pegasus Spyware Victims Following Lawsuit Against NSO Group

Apple has started sending threat notification alerts to its customers who may have been victims of targeted spyware attacks. On November 24, Apple customers received SMS and email alerts from “threat-notifications@apple.com”. The victims include prominent journalists, politicians, and high-ranking government officials.

As reported by news outlets, the alert from Apple warned users with the following message “you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID”.  The alert further read, “these attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera, and microphone. While it’s possible this is a false alarm, please take this warning seriously”.

With the increasing use of smartphones and tablets in the workplace, particularly among C-Suite executives, threat actors will attempt to remain hidden and remotely collect victims’ most sensitive data, including communications, credentials, confidential documents, etc.  Mobile and IoT devices have a significantly high-risk exposure because they always remain connected to the internet.  Since they’re relatively new or emerging technologies, they’re at a higher risk of zero-day exploits targeting vulnerabilities, which haven’t been discovered yet or are being sold along with exploits to the highest bidder on the dark web.

Mobile spyware is increasingly becoming more complex and sophisticated with the ability to use polymorphic and self-destructive tactics to evade detection.

How We Help

• Forensic assessment of your critical IT assets, investigating for any indicators of compromise to uncover how a breach manifested in the past, as well as detecting hidden or dormant threats.
• Technical assessment of the extent of a breach in terms of identifying IT assets and IP targeted.
• Real-time threat detection and monitoring using up-to-date enterprise threat intelligence feeds.
• Identification of any previously unknown vulnerabilities that exist and mitigating these.
• Threat classification, remediation, and prevention advisory services, along with incident response and recovery planning.

At Ankura, we have a dedicated team of experts from law enforcement, intelligence, security, and forensic backgrounds that can help you analyze your most critical assets for any vulnerabilities and indicators of compromise associated with the rapidly evolving threat landscape. We help our clients globally with Cyber Investigative, Managed Data Protection and Technology, Privacy and, Cyber Risk Advisory services.© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.