HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Apple alerts users in 100 countries to spyware threat

Written by Farah Amod | May 9, 2025 12:03:35 AM

Apple alerts users in 100 countries to highly targeted spyware attacks likely linked to government surveillance tools.

 

What happened

Apple has notified users across 100 countries that they may have been targeted in a spyware campaign. Among the confirmed recipients of these warnings are Ciro Pellegrino, an Italian journalist at Fanpage, and Eva Vlaardingerbroek, a Dutch right-wing activist. Both individuals shared the alerts publicly this week, confirming they had received notifications from Apple via email and text message.

The alerts are part of Apple's ongoing efforts to inform individuals who may be targeted by so-called "mercenary" spyware, a term often used to describe surveillance tools developed by private companies and sold to governments. Apple did not respond to requests for comment, and the specific spyware campaign behind these warnings remains unknown.

 

Going deeper

Apple has issued similar warnings in the past, directing affected individuals to nonprofit organizations for assistance and investigation. The company uses threat intelligence and forensic data to identify likely victims of government-grade spyware. According to the screenshot shared by Vlaardingerbroek, Apple stated, "This attack is likely targeting you specifically because of who you are or what you do," and that it had "high confidence" in its warning, despite the inherent uncertainty in such cases.

Pellegrino noted in his article that Apple's message confirmed he was not alone; affected users were being alerted in 100 countries. The attack, he wrote, was "not a joke." Pellegrino is now the second Italian journalist this year linked to a spyware campaign. In February, his colleague Francesco Cancellato was similarly notified by WhatsApp, which said it had disrupted spyware activity believed to be from Israeli-based Paragon Solutions.

 

What was said

Apple framed the attack as deeply personal, warning users: "This attack is likely targeting you specifically because of who you are or what you do." The message urged recipients to take the alert seriously. Vlaardingerbroek dismissed it as a political move, calling it "an attempt to intimidate me, an attempt to silence me, obviously." Pellegrino, writing in response, expressed disbelief and concern, noting that Apple's notification referenced others around the world who had also been targeted.

 

The big picture

The latest wave of notifications signals that commercial spyware remains a potent global threat, not just to dissidents and journalists, but also to activists, NGOs, and political figures. Apple, WhatsApp, and Google have taken steps to notify users when their devices are targeted, but the scale and persistence of these attacks raise larger questions about government surveillance and accountability.

While companies like Paragon Solutions operate in a legal gray zone, the aftermath of these disclosures, including public backlash and severed contracts, may begin to shape how spyware vendors and their clients operate. For now, transparency and user warnings remain one of the few available lines of defense.

 

FAQs

What is mercenary spyware?

Mercenary spyware refers to surveillance software developed by private companies and sold to governments or third parties to monitor specific individuals, often without their consent.

 

How does Apple detect spyware threats?

Apple uses a combination of threat intelligence, forensic analysis, and internal telemetry to identify patterns of suspicious activity that may indicate targeted spyware attacks.

 

What should users do if they receive an Apple threat notification?

Recipients are advised to take the alert seriously, seek help from digital security experts or nonprofit organizations like Access Now or the Citizen Lab, and avoid clicking unknown links or attachments.

 

Why are certain individuals targeted with spyware?

Targets are often selected based on their profession, political views, activism, or influence, making them valuable sources of information or threats to regimes.

 

Are tech companies required to notify users about spyware?

No. While not legally required, companies like Apple, Google, and WhatsApp have voluntarily adopted user notification policies to increase transparency and user protection.