Mint Explainer: Why did Apple send threat notifications to prominent Indians?

Congress MP Shashi Tharoor, TMC MP Mahua Moitra, AAP MP Raghav Chadha, and others received a 'threat notification' email from Apple at 11:45 pm on Monday (Photo: PTI)


  • These notifications are to do with cyberattacks targeted at specific individuals, which are far less common and more dangerous than mass attacks

New Delhi: On 30 October, Apple sent an unusual notification to several prominent Indians, including members of Parliament Raghav Chadha and Shashi Tharoor, Congress media chairperson Pawan Khera, and others. The ‘threat notification’ said their devices may have been targeted by state-sponsored attackers. Mint explains.

What is a threat notification from Apple, and why is it unusual?

Threat notifications, in Apple’s own words, “are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do.”

Apple uses its own cybersecurity team to track security incidents – from mass breaches, which are relatively common, to targeted attacks against specific individuals. Apple’s threat notifications concern the latter, which are far rarer than mass attacks that use, say, phishing or ransomware. It is this rarity that makes Apple’s threat notification unusual.

What is cyber espionage, why is it rare, and what does ‘state-sponsored attackers’ mean?

The cyber activity that Apple’s threat notifications imply is known as ‘cyber espionage’. Simply put, this is a form of cyber attack that is not only highly sophisticated and often very obscure, but is also carried out specifically in pursuit of a single individual, or a small group at most.

A key reason cyber espionage is so rare is that most cyber threats today are actively tracked around the world by security researchers and evangelists. Apple, for instance, runs one of the most secure software ecosystems in the world, and prides itself on the security of its devices. Cyber espionage, however, requires highly proficient black-hat hackers (those with malicious intent) to use very expensive tools and code.

Targeted cyber espionage tools can not only break into a person’s online accounts but infiltrate a device such as the iPhone and modify settings and code at a core level. This is extremely difficult to do, but can give spies access to a phone’s memory, camera and microphone, thereby compromising an individual entirely.

‘State-sponsored attackers’ are black-hat hackers who are backed by governments. Most hackers typically do not have access to the kind of funds that a government would, so there’s usually a clear and obvious difference between general hackers and state-sponsored ones in terms of the tools and techniques they use. North Korea, for instance, is accused of sponsoring attacks for financial gain.

Have there been prior instances of such cyber espionage?

The most prominent instance of cyber espionage to date is the ‘Pegasus’ incident, in which several people around the world were allegedly tracked by a highly invasive cyber tool developed by Israeli firm NSO Group. Pegasus is believed to be one of the most intrusive pieces of spyware ever created. The Indian government has been accused of buying and using Pegasus, though the allegations have not been proved conclusively.

What has Apple said about the threat notifications?

“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” the company said. It clarified, “Apple does not attribute the threat notifications to any specific state-sponsored attacker.”

Apple also has a full page detailing the threat notification, its stance, and what users should do if they receive a similar notification.

What has the Indian government said about this?

On Wednesday, Mint reported that the government, along with Apple, has set up internal committees to investigate the source of these notifications, and an investigation will begin soon.

In a thread on social media platform X (formerly Twitter) on Tuesday, union IT minister Ashwini Vaishnaw said that Apple’s information on these notifications is “vague and non-specific in nature”.

“Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user's explicit permission. This encryption safeguards the user's Apple ID and ensures that it remains private and protected. The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications,” Vaishnaw wrote.
