Apple notifies victims in 100 countries of likely spyware targeting

Apple this week sent threat notifications advising users in 100 countries that their phones had been targeted by advanced commercial spyware, according to a victim of the attacks.

Cyrus Pellegrino, an Italian journalist who received a notification, came forward in a column published Wednesday. 

A second victim, right-wing Dutch author and pundit Eva Vlaardingerbroek, posted on X Wednesday that she too received the Apple notification.

Pellegrino works for Fanpage, whose editor, Francesco Cancellato, revealed he had been targeted with Paragon spyware in late January. Cancellato had previously exposed young fascists inside prime minister Giorgia Meloni’s far-right party.

It is unclear what type of spyware targeted Pellegrino and Vlaardingerbroek’s phones, but in his article revealing the attack Pellegrino noted “some elements would seem to indicate” the targeting of his device is linked to 90 Paragon attacks WhatsApp reported detecting in January.

Several victims in the Paragon attacks are critics of Meloni’s government. She has so far denied involvement.

Vlaardingerbroek, a well-known Dutch activist, said on X she knows nothing about the attack other than that “someone is trying to intimidate me.”

“I have a message for them: It won’t work,” she wrote.

Pellegrino posted a screenshot of the notification, which said Apple has “high confidence” in its findings.

“This attack is likely targeting you specifically because of who you are or what you do,” it said.

Apple did not immediately respond to a request for comment. 

The company has sent threat notifications multiple times a year since 2021, according to an April 23 blog post in which it detailed the program but did not reveal the latest wave of detections.

The post said the company has notified users of spyware threats in more than 150 countries to date.

“The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today,” the blog post said. “As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”

Pellegrino’s Wednesday article underscored the insidiousness of the spyware scourge. The journalist said he came home after he was notified and signaled his wife to be quiet, putting his phone in the microwave before telling her what had happened.

“These ‘high-end’ surveillance software are activated without you having to or being able to do anything,” he wrote. “A message arrives and you are screwed.” 

“From the moment the phone is infected, the spyware operator has full access to the device, can read, see and download everything,” he added. “Phones are the black boxes of our existence … Try to imagine this package - huge - of sensitive data in the hands of malicious individuals.”