Apple warns users in 100 countries of targeted iPhone spyware attacks

May 1,TG盗号软件企业破解技术 2025  19:09

Apple has sent notifications to individuals in 100 countries who may have been targeted by sophisticated mercenary spyware attacks on their iPhones, with an Italian journalist and a Dutch right-wing activist among the first to publicly confirm receiving these warnings, writes Techi.

Global Mercenary Spyware Landscape

Mercenary spyware represents a sophisticated class of surveillance tools typically developed by private companies like NSO Group and Paragon Solutions for government clients. Unlike common malware, these attacks target specific individuals "because of who you are or what you do", focusing on journalists, politicians, activists, and diplomats across the globe. The attacks are resource-intensive, highly customized, and can extract multimedia, monitor cameras and microphones, and access sensitive data even when devices appear to be off.

Apple has been battling these threats since 2025, sending notifications to users in over 150 countries. Recent campaigns have affected users in 92 countries in April 2025 and 98 countries in July 2025, with notable targets including seven Italians and victims across more than a dozen European countries who were targeted by Paragon spyware. Geographic patterns reveal strategic targeting, with countries like Russia (28%) and Saudi Arabia (24%) experiencing disproportionate infection rates from spyware like Regin, while the US and China dominate as centers for malicious hosting infrastructure.

Targeted Victims in 100 Countries

Among the confirmed targets of Apple's recent spyware warnings are Ciro Pellegrino, a journalist from Italy working with news website Fanpage, and Eva Vlaardingerbroek, a Dutch political activist. Both received alerts via email and text message warning that their iPhones had been specifically targeted. Vlaardingerbroek characterized the attack as "an attempt to intimidate me, an attempt to silence me."

This latest wave of notifications follows a pattern of targeted attacks against journalists and activists. Earlier in 2025, WhatsApp alerted Francesco Cancellato, another Fanpage journalist, about spyware linked to Paragon Solutions, an Israeli company. Subsequently, two members of Mediterranea Saving Humans, an Italian NGO that assists immigrants-Luca Casarini and Beppe Caccia-also reported being targeted. The Italian government has denied involvement in these attacks, while Paragon reportedly severed ties with its Italian government client following these revelations.

Lockdown Mode Protection Features

Apple's Lockdown Mode offers extreme protection for users at high risk of sophisticated cyberattacks by significantly restricting device functionality. When enabled, it blocks most message attachments except images, disables link previews, restricts web technologies like just-in-time JavaScript compilation, blocks wired connections when the device is locked, and prevents installation of configuration profiles.

The security feature comes with notable tradeoffs. While it enhances protection against targeted spyware like Pegasus, it may reduce browsing anonymity as websites can detect when Lockdown Mode is active through "fingerprinting" techniques that identify missing features like custom fonts. This creates a paradoxical situation where increased security potentially makes high-risk users more identifiable online, as explained by Cryptee CEO John Ozbay: "Lockdown Mode makes you safer, but also makes you easier to identify in a crowd." To activate this protection, users must enable it separately on each Apple device through Privacy & Security settings, with the exception that enabling it on an iPhone automatically activates it on a paired Apple Watch.