On Tuesday morning, Parliamentarians Mahua Moitra, Shashi Tharoor, Priyanka Chaturvedi, and Asaduddin Owaisi tweeted that they received official notifications on their iPhone handsets, suggesting that “state-sponsored attackers” could be targeting their devices. While this may have come as a surprise to many, Apple does have a dedicated notification system in place, designed to safeguard and support users who may have fallen prey to the clutches of state-sponsored attackers.
"Apple does not attribute the threat notifications to any specific state-sponsored attacker," Apple responded in a statement, as per ANI. Nevertheless, the company has a dedicated support page for threat notifications, which clarifies its stance on these attacks.
As per the Cupertino tech giant, certain individuals are selected as targets due to their distinct identities or professional roles. In stark contrast to run-of-the-mill cyber attacks, “state-sponsored attackers” channel substantial resources toward pursuing a minuscule group of specific targets and their associated devices, as per Apple. This heightened level of precision renders these attacks considerably more challenging to both identify and thwart.
Moitra took to X (formerly Twitter) to suggest that a total of five people have received such messages.
Tharoor, Chaturvedi, and Owaisi also tweeted their screenshots. “Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?” Tharoor tweeted.
Apple claims that state-sponsored attacks are “very well-funded and sophisticated,” and that the attacks evolve over time.
However, Apple also clarified that in some cases, the notifications could very well be “false alarms”. “Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” the company wrote on its Support page.
It should be noted that Apple's threat notifications will never prompt users to engage in activities such as clicking on links, opening files, installing applications or profiles, or disclosing your Apple ID password or verification code via email or over the phone.
If you wish to authenticate an Apple threat notification, log in to appleid.apple.com. Once signed in, a legitimate Apple threat notification will be prominently displayed at the top of the page for your verification.