Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
State-Sponsored Attackers Targeting Armenians, Apple Warns
'Lockdown Mode' Can Defeat Commercial SpywareMembers of Armenian civil society said they have received new warnings from Apple that their smartphones were targeted for infection with commercial spyware.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Samvel Martirosyan, the co-founder at the Armenian digital rights organization CyberHUB, shared a screenshot of an Apple alert from Oct. 30 stating that "state-sponsored attackers may be targeting your iPhone."
Martirosyan cautioned that "the warning does not necessarily mean the phone is newly infected. Often a person finds out that he was attacked, but for example, a year or two ago."
Analysis published in May by Access Now found that a government customer of the commercial spyware developer NSO Group used its Pegasus app to infect the Apple devices of members of Armenian civil society beginning in October 2020 (see: Pegasus Spyware Spotted in Nagorno-Karabakh War).
Researchers said they had found "substantial evidence" to suggest that the Azerbaijani government is a Pegasus customer, and previous evidence identifies Azerbaijan-linked domains connected with Pegasus and one-click SMS infection infrastructures masquerading as Azerbaijani political websites.
The warning comes as governments across the world have sought to limit the reach of the commercial spyware industry. The U.S. government this year limited its use of advanced surveillance software such as Pegasus through an executive order prohibiting agencies from buying licenses for spyware used by foreign governments to spy on dissidents. European lawmakers denounced the commercial spyware industry this spring and chastised half a dozen member nations for deploying spyware against citizens or selling it abroad (see: European Parliament Condemns Commercial Spyware).
Armenia and Azerbaijan have engaged in intermittent conflict for decades over territorial lines. Azerbaijan in September launched an attack against an ethnic enclave known as Nagorno-Karabakh or Artsakh that resulted in mass evacuation of local Armenians away from Azerbaijan. Several infections clusters were also observed during border conflicts in 2021 and 2022 and before Armenia's 2021 elections, Martirosyan said.
John Scott-Railton, a senior researcher at The Citizen Lab, tweeted on Friday that "Apple threat notifications are 'clear & invaluable' signs something serious is going on. They've triggered major investigations and uncovered widespread spyware abuses. Devices that get warnings usually show signs of spyware infection (or an attempt). Then take action."
Scott-Railton said individuals at risk should enable lockdown mode on their iPhones. "Our research throughout 2023 has 'not' found cases of Pegasus and Predator infection when it's enabled," he said.