Apple explains its threat notifications system regarding state-sponsored attacks

Yesterday Apple announced that it had filed a lawsuit against NSO Group and its parent company “to hold it accountable for the surveillance and targeting of Apple users.” Now, in a new support document, the tech giant says if it discovers activity consistent with a state-sponsored attack, we notify the targeted users in two ways:

• A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
• Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

Here’s what Apple says about its threat notifications: Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life. The vast majority of users will never be targeted by such attacks.

….Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone. To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in.

NSO Group Technologies is an Israeli technology firm primarily known for its proprietary spyware Pegasus, which is capable of remote zero-click surveillance of smartphones. It was founded in 2010 by Niv Karmi, Omri Lavie, and Shalev Hulio.

Apple says the complaint provides new information on how the NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple says it’s also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.