Apple Warns Targets of Global Spyware Campaign as Mercenary Surveillance Creeps Wider

In an increasingly digital arms race, Apple has once again sounded the alarm: this week, the company sent spyware attack notifications to users spanning over 100 countries, warning that they may have been targeted by sophisticated “mercenary” surveillance software.

Among those who received the ominous alerts were Italian journalist Ciro Pellegrino and Dutch political activist Eva Vlaardingerbroek, both of whom publicly confirmed they were notified by Apple that their iPhones had been singled out in highly targeted campaigns.

“Today’s notification is being sent to affected users in 100 countries,” read Apple’s message to Pellegrino, according to his account in Fanpage, where he stressed the legitimacy of the warning: “Did this really happen? Yes, it is not a joke.”

For Vlaardingerbroek, the news came with a chilling undertone. In a video posted to X, she shared Apple’s stark alert: “Apple detected a targeted mercenary spyware attack against your iPhone… This attack is likely targeting you specifically because of who you are or what you do.” Her response? “This is an attempt to intimidate me, an attempt to silence me, obviously.”

The company hasn’t specified which spyware or threat actors are behind the notifications, nor have they publicly identified the vendor of the exploit. But the notification aligns with Apple’s policy of proactively warning potential victims of state-sponsored or highly resourced surveillance attempts—often linked to governments using spyware sourced from private firms.

While Apple declined to comment on the latest campaign, the alerts underscore the continued rise of commercial spyware, which increasingly blurs the line between national security tools and tools for repression.

“Apple has proactively alerted users across 100 countries of targeted spyware attacks, highlighting the sophisticated nature of modern cyber threats,” said Adam Boynton, Senior Security Specialist at Jamf. “The targeted recipients, including a journalist and a political activist, underscore that spyware typically aims at high-profile individuals with significant access, contacts, or influence.”

Boynton emphasized that while these tools are typically aimed at specific targets, they’re a harbinger of the growing threat surface for all mobile users. “While the risk to the average user remains low, this incident is a clear reminder of the evolving capabilities of threat actors and the increasing prevalence of mercenary spyware developed specifically to exploit zero-day vulnerabilities. Apple’s timely notifications demonstrate their strong commitment to user security, transparency, and advanced detection capabilities,” he added.

Jamf, which specializes in Apple-focused security solutions, recommends that users—especially those in high-risk environments—take immediate steps:

• Update devices to the latest OS to patch known exploits.

• Enable Lockdown Mode, Apple’s hardened security configuration for users at heightened risk.

• Deploy third-party mobile threat detection tools to further bolster defenses.

Security advocates warn that these types of spyware attacks are rarely isolated. Pellegrino is now the second Italian journalist this year to receive such a notification. Earlier in February, his colleague Francesco Cancellato was warned by WhatsApp that his phone had been targeted with spyware linked to Israeli vendor Paragon Solutions.

Since then, additional reports surfaced linking Paragon’s spyware to surveillance of humanitarian workers with Mediterranea Saving Humans, an NGO involved in rescuing migrants at sea. Following the revelations, Paragon reportedly severed ties with its Italian government client, though questions about accountability remain.

The recurrence of these spyware incidents has intensified calls from civil society for stricter regulation of the spyware industry and greater transparency from both governments and vendors. Organizations like Citizen Lab and Amnesty International continue to provide technical support to individuals who suspect they’ve been targeted, including access to forensic tools and known indicators of compromise (IoCs).

“Amnesty International is also a good starting point for help, as they provide a list of IoCs to help identify spyware,” Boynton noted, urging potential victims to seek expert assistance.

For now, the growing list of journalists, activists, and civil society members ensnared in these covert operations is a stark reminder: in the age of mercenary spyware, no phone is off-limits, and no democratic safeguards can be taken for granted.

The war for privacy is still being fought, and it’s increasingly fought on the devices we carry in our pockets every day.