American Multinational tech brand, Apple warned several opposition leaders and some journalists on Monday of a state-sponsored cyber attack. The message reads “State-Sponsored Attackers May Be Targeting Your iPhone”.
The persons who received this alert message include
- Mahua Moitra (Trinamool Congress MP)
- Priyanka Chaturvedi (Shiv Sena UBT MP)’
- Raghav Chadha (AAP MP)
- Shashi Tharoor (Congress MP)
- Asaduddin Owaisi (AIMIM MP)
- Sitaram Yechury (CPI(M) General Secretary and former MP)
- Pawan Khera (Congress spokesperson)
- Akhilesh Yadav (Samajwadi Party president)
- Siddharth Varadarajan (Founding Editor, The Wire)
- Sriram Karri (Resident Editor, Deccan Chronicle)
- Samir Saran (President, Observer Research Foundation)
- Revathi (Independent journalist)
- K.C. Venugopal (Congress MP)
- Supriya Sule (NCP MP)
- Revanth Reddy (Congress MP)
- T.S. Singhdeo (Chhattisgarh deputy CM and Congress leader)
- Ravi Nair (Journalist, OCCRP)
- K.T. Rama Rao (Telangana minister and BRS leader)
- Anand Mangnale (Regional Editor, South Asia, OCCRP)
- Multiple people who work in Congress MP Rahul Gandhi’s office
Received from an Apple ID, threat-notifications@apple.com, which I have verified. Authenticity confirmed. Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?@PMOIndia @INCIndia @kharge @RahulGandhi pic.twitter.com/5zyuoFmaIa
— Shashi Tharoor (@ShashiTharoor) October 31, 2023
Writing officially to @loksabhaspeaker @ombirlakota requesting he follow RajDharma to protect Opposition MPs & summon @HMOIndia officials ASAP on our phones/email being hacked. Priveleges Committee needs to take up. @AshwiniVaishnaw this is real breach you need to worry about.
— Mahua Moitra (@MahuaMoitra) October 31, 2023
Received text & email from Apple warning me Govt trying to hack into my phone & email. @HMOIndia – get a life. Adani & PMO bullies – your fear makes me pity you. @priyankac19 – you, I , & 3 other INDIAns have got it so far . pic.twitter.com/2dPgv14xC0
— Mahua Moitra (@MahuaMoitra) October 31, 2023
Early this morning I received a concerning notification from Apple, warning me about a potential state-sponsored spyware attack on my phone. The notification states that, “If your device is compromised by a state-sponsored attacker, they may be able to remotely access your… pic.twitter.com/JrVD9Zh9im
— Raghav Chadha (@raghav_chadha) October 31, 2023
;
Apple Warns at Least 3 Indian MPs, Political Leader, Senior Journalist About ‘State-Sponsored’ Attack on Phone https://t.co/KC5p2rr7iF
Did Apple alert you on your iPhone recently about a state-sponsored attempt to target your device?
DM us at editorial@thewire.in if they did pic.twitter.com/yEMzW6xj2x
— Siddharth (@svaradarajan) October 31, 2023
Dear Modi Sarkar, why are you doing this? pic.twitter.com/3hWmAx00ql
— Pawan Khera 🇮🇳 (@Pawankhera) October 31, 2023
Received an Apple Threat Notification last night that attackers may be targeting my phone
ḳhuub parda hai ki chilman se lage baiThe haiñ
saaf chhupte bhī nahīñ sāmne aate bhī nahīñ pic.twitter.com/u2PDYcqNj6— Asaduddin Owaisi (@asadowaisi) October 31, 2023
“Should Not Be Considered False Alarms”: Apar Gupta, IFF Founder
Internet Freedom Foundation Founder, Apar Gupta shared a long tweet emphasizing that such alerts should not be considered false alarms.
He tweeted,
“Multiple parliamentarians including @priyankac1z and @MahuaMoitra are making public statements regarding threat notifications by Apple. These threat notifications are due to state sponsored attacks that use spyware such as Pegasus to infect their smartphone.
As per Apple, “Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life….State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.”
Let me directly address the naysayers. Are these merely ‘false alarms’? Let’s consider the evidence:
Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile.
Secondly, Access Now and Citizen Lab last month confirmed the validity of Apple’s threat notifications sent to Russian journalists, including Meduza’s publisher. These confirmations lend high credibility to such notifications.
Thirdly, the Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called ‘The Predator Files’.
With imminent state assembly elections and the 2024 general elections not far off, the timing of these threat notifications is alarming. Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy.”
Apple Issued Statement On State-Sponsored Cyberattack Alert Messages
Commenting on this, Apple confirmed that it has sent the notifications but added that it doesn’t attribute the threat notifications to any specific state-sponsored attack.
“Apple does not attribute the threat notifications to any specific state-sponsored attacker. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected,” the statement reads.
The company added that it cannot disclose the information about what causes the company to issue such notifications, as it could help the attackers adapt their behaviour to evade detection in the future.
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future,” the company said.
Threat Notifications Only Vague And Merely Estimations: IT Minister
Union Minister for Communications, Electronics & Information Technology Ashwini Vaishnaw conducted a press conference and stated that the matter will be investigated with accuracy. He added that the threat alert messages received by the several people are vague and merely estimations.
What Is A State Sponsored Attack?
A state-sponsored attack, also known as an advanced persistent threat (APT), is a cyberattack that is initiated, funded, or supported by a government or state entity. These attacks are typically conducted for various purposes, including espionage, political influence, economic espionage, and military advantage. State-sponsored attackers are often well-funded, highly skilled, and have access to extensive resources, making them a formidable threat in the realm of cybersecurity.
State-sponsored attacks can target a wide range of entities, including other governments, critical infrastructure, private companies, research institutions, and individuals. These attacks often involve sophisticated techniques, such as malware, phishing, social engineering, and zero-day exploits, to infiltrate and compromise their targets.
Some notable examples of state-sponsored attacks include the Stuxnet worm, believed to be developed by the United States and Israel to target Iran’s nuclear program, and the alleged Russian interference in the 2016 U.S. presidential election through hacking and disinformation campaigns.
Governments engage in state-sponsored attacks for a variety of reasons, including national security, economic advantage, and political influence. These attacks can have significant consequences, and defending against them requires robust cybersecurity measures, international cooperation, and diplomatic efforts to deter such activities.
What To Do If You Receive The Same “State Sponsored Attack” Threat Notification?
To safeguard against cybercriminals and consumer malware, it’s crucial for all users to adhere to these security best practices:
- Ensure your devices are running the most up-to-date software versions.
- Secure your devices with a robust passcode or PIN.
- Implement two-factor authentication and establish a sturdy, unique password for your Apple ID.
- Only download and install apps from official sources like the App Store.
- Employ strong and distinct passwords for your online accounts.
- Exercise caution and avoid clicking on links or opening attachments sent by unfamiliar or unverified senders.