On April 11, Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that may have been targeted by mercenary spyware attacks.
According to a research and intelligence report on the Blackberry Blog, China may have been behind the attack that used “a sophisticated iOS implant,” called LightSpy. LightSpy is described as a sophisticated iOS implant, first reported in 2020 in connection with a watering-hole attack against Apple device users.
Specifically, it is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims’ private information, including hyper-specific location data and sound recording during voice over IP (VOIP) calls. Blackberry Blog says this makes it particularly dangerous to victims, with as many consequences as can be imagined relating to a threat actor being able to locate their target with near-perfect accuracy.
Apple’s threat notification didn’t disclose the attackers’ identities or the countries where users received notifications. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-, ”the tech giant wrote in the warning to affected customers. ““This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” Apple added in the text.
