What is Apple’s ‘state-sponsored attackers’ alert, received by multiple Opposition leaders?

Apple has been sending out these automated notifications since late 2021, whenever it suspects some activity resembles a state-sponsored attack. It has so far notified individuals in 150 countries.

Who are these “state-sponsored attackers” that Apple refers to?

Following the allegations, Apple said in a statement on Tuesday that it “does not attribute the threat notifications to any specific state-sponsored attacker”.

In a note issued earlier, the tech giant had said: “State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.”

Attackers backed by governments go after specific individuals and their devices, based on their identity or activities. Such attacks are very different from the ones carried out by regular cybercriminals, who usually target a large number of users for financial gain.

According to Apple, state-sponsored attacks are often short-lived, and are designed to evade detection and exploit vulnerabilities that may not be known to the public.

So, what is this threat notification that Apple issues?

Apple’s threat notifications are a way of alerting and helping users who may have been targeted by state-sponsored attackers.

As a response to these attacks, the company has developed a system that can spot activity that matches certain patterns. When an attack is detected, a “Threat Notification” is sent by email and iMessage to the email addresses and phone numbers that are linked to the affected user’s Apple ID. The notification that some politicians and others received was likely triggered by this system.

In its note issued earlier, Apple had said: “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”

What does Apple advise users should do when an attack is detected?

The notifications are accompanied by advice on some extra steps that users can take to protect their devices and safeguard their privacy. Some of the general security tips that Apple recommends are updating to the latest software versions, setting a passcode, enabling two-factor authentication, and using a strong password for the Apple ID.

It also recommends that users should download apps only from the App Store, use a different password for each online account, and avoid clicking on links or attachments from unknown sources.

Apple also suggests that users activate the Lockdown Mode, which is a feature introduced in its latest software updates to specifically protect against rare and sophisticated cyber attacks such as these.

What exactly is the Lockdown Mode, and how can it be turned on?

When you activate Lockdown Mode, your device will enter into a state of high security, where many usual functions will be restricted or disabled. For example, you won’t be able to send or receive attachments, links, or link previews in messages, to prevent attackers from accessing your personal information.

Lockdown Mode is only available on devices that run iOS 16 or later, iPadOS 16 or later, watchOS 10 or later and macOS Ventura or later. Apple says that such attacks are rare and target only specific individuals, but if you ever feel that your device or data are in danger, you can turn on Lockdown Mode by going to Settings, then Privacy & Security, then Lockdown Mode, and toggling it on.

Anyone who receives a threat notification from Apple should take it seriously and follow the steps that Apple recommends to secure their device and account.