Today, researchers have documented the first known case of using the infamous Pegasus spyware in a military conflict. The NSO-developed spyware was actively used to hack journalists, United Nations officials, members of civil society, and human rights advocates during the ongoing military conflict between Armenia and Azerbaijan. The conflict between the two countries is regarding a disputed region.
Interestingly, Apple alerted the victims of the spyware that their iPhones have been hacked using Pegasus spyware. For the unaware, Pegasus is a spyware developed by Israel-based NSO Group. The spyware is sold by the company to governments and law enforcement agencies. The spyware works by deploying zero-day vulnerabilities, which NSO Group, purchased from hackers. Pegasus spyware is capable of zero-click attacks wherein an iPhone can be hacked without any interaction from the user.
A report by The Guardian highlights the use of Pegasus to hack the personal data of at least a dozen high-profile people between October 2020 to December 2022. As per previous investigations, it has been established with “substantial evidence” that Azerbaijan is one of the clients of NSO Group and has purchased the spyware.
During the targeted attack, Apple sent notifications on the iPhone of users who were targeted with the military-grade spyware tool. “Anna Naghdalyan, a former Armenia foreign ministry spokesperson, was hacked at least 27 times between October 2020 and July 2021, at a time when she was still serving as a spokesperson for the ministry,” writes The Guardian.
While it is nearly impossible to avoid such attacks on iPhones due to the usage of zero-day vulnerabilities in spyware, Apple has devised means to identify compromised iPhones.
In 2021, Apple announced that it will start notifying the “small number of users” that were targeted by Pegasus via FORCEDENTRY exploit. Notably, the vulnerability has now been patched. The Cupertino-giant is also extending its efforts beyond Pegasus. Apple says it will continue notifying users that have been targeted by state-sponsored spyware attacks. It will carry out this in accordance with industry best practices.
Apple calls these alerts “Apple threat notifications” and informs the targeted users in two different ways. First, it displays a threat notification on the top of the web page after the targeted user signs in to appleid.apple.com. Second, Apple sends an email and an iMessage to notify users. The notification will contain additional steps the users can take to safeguard themselves.
Apple also mentions on its support page that some targeted attacks might go unnoticed, and it is not sure that all those who have been targeted will receive the notifications. Also, it says there might be some false threats as state-sponsored attacks are complex, and it is constantly evolving the techniques to track state-sponsored attacks on Apple devices.
Jibin Joseph is the Content Editor at iGeeksBlog and has excellent attention to detail. He is a voracious reader, with interests ranging from philosophy and history to geopolitics and tech. When not reading or correcting grammar, you’d find him engaging in discussions about football. You can follow him on Twitter and Instagram at @4ibin.