Select iPhone users in Armenia have been sent notifications by Apple that say "state-sponsored attackers" may be targeting them.
The alerts were reportedly sent on October 30, 2023, which is the same day that Apple sent similar notifications to specific Indian politicians. In every case, the alert stresses that it could yet be a false alarm, but that there is reason to suspect that the user's iPhone has been targetted.
According to local publication Media.am, the alert means that the receiving iPhone "has likely been infected with Pegasus spyware, which was most likely installed by the Israeli company NSO Group on behalf of the Azerbaijani government."
Apple's alert gives no such detail of who may be hacking, or whether they are using NSO Pegasus. Rather, it warns of any state-sponsored hacking — or the appearance of it — and details recommended steps for the user to follow.
Citing its separate research Media.am claims that "the use of Pegasus by the authorities of Azerbaijan has allegedly targeted around a thousand individuals within their borders."
"The number of people targeted in Armenia is expected to be much higher, possibly in the thousands," it continues. "However, it is difficult to get an accurate estimate of the total number of individuals targeted by Pegasus."
In the example notification shown by the publication, the recipient is reminded that he or she has been notified once before and stresses that this is a new occurrence of hacking, or attempted hacking.
Media.am says that not everyone reports receiving this latest alert, but for example, "trustworthy individuals have communicated to us that 'everyone in our department has received it'."
As previously reported, NSO Pegasus has been used by the Azerbaijan government over its conflict with Armenia.
The use of Pegasus by governments has become so common that in 2021, Apple introduced its threat alert systems.
7 Comments
I wonder how do they know if their iPhones are hacked? Does the updates now include scanning for Pegasus software or do they look for distinctive behaviors?
Great to see this.
Who watches the watchers? If Apple can detect this and report back to themselves that something bad is happening, isn’t this feature in itself an attack vector? A backdoor?