Apple Warns Top Indian Opposition Leaders, Journalists About ‘State-Sponsored’ Attack on Phone

“These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”

New Delhi: Multiple top leaders of India’s opposition parties and several journalists have received a notification from Apple, saying that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….”

Here are the people confirmed to have been notified by Apple about the attempts to compromise their iPhones:

1. Mahua Moitra (Trinamool Congress MP)
2. Priyanka Chaturvedi (Shiv Sena UBT MP)
3. Raghav Chadha (AAP MP)
4. Shashi Tharoor (Congress MP)
5. Asaduddin Owaisi (AIMIM MP)
6. Sitaram Yechury (CPI(M) general secretary and former MP)
7. Pawan Khera (Congress spokesperson)
8. Akhilesh Yadav (Samajwadi Party president)
9. Siddharth Varadarajan (founding editor, The Wire)
10. Sriram Karri (resident editor, Deccan Chronicle)
11. Samir Saran (president, Observer Research Foundation)
12. Revathi (independent journalist)
13. K.C. Venugopal (Congress MP)
14. Supriya Shrinate (Congress spokesperson)
15. Multiple people who work in Congress MP Rahul Gandhi’s office
16. Revanth Reddy (Congress MP)
17. T.S. Singhdeo (Chhattisgarh deputy CM and Congress leader)
18. Ravi Nair (journalist, OCCRP)
19. K.T. Rama Rao (Telangana minister and BRS leader)
20. Anand Mangnale (regional editor, South Asia, OCCRP)

The email titled “ALERT: State-sponsored attackers may be targeting your iPhone” goes on to say, “These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”

It urges the recipients, “While it’s possible this is a false alarm, please take this warning seriously.”

While the language of Apple’s warning is identical to what the phone manufacturer has used in the past to alert victims of spyware around the world, the fact that at least five persons in India received the same alert at the same time (11:45 pm on October 30, 2023) suggests those being targeted are part of an India-specific cluster.

In a statement on Tuesday, Apple said, “Apple does not attribute the threat notifications to any specific state-sponsored attacker.”

These threat notifications were enabled by the company in 2021, and since then such notifications have reportedly been sent to individuals in nearly 150 countries.

Shiv Sena MP Priyanka Chaturvedi has tweeted the mail.

Moitra also took to Twitter to highlight the alert:

Received text & email from Apple warning me Govt trying to hack into my phone & email.

– get a life. Adani & PMO bullies – your fear makes me pity you.

Khera too shared the message he got from Apple on X and asked, “Dear Modi Sarkar, why are you doing this?”

“Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?” Congress MP Shashi Tharoor said while posting about the attack.

Congress leader Rahul Gandhi held a press conference on the matter, in which he accused the Narendra Modi government of doing everything possible to hide that they had “sold the government to Adani”. “Hack us all you want,” he said, “but we will not stop questioning you.” He also said that the government is going out of its way to distract from demands from a caste census. “Who is Adani really stealing from?” he asked, and responded that it was the common people, the marginalised, who were paying the price.

The others whom The Wire can confirm have received the warning from Apple are well-known people who are open critics of the Narendra Modi government.

“The reports of threat notifications from Apple need to be taken very seriously and require investigation to determine the source and the extent of the malware attack. Given Indians – especially journalists, parliamentarians and constitutional functionaries – have also reportedly been targeted with Pegasus in the past it is a matter of deep concern for our democracy,” Prateek Waghre, policy director of the Internet Freedom Foundation (IFF) told The Wire.

IFF’s founding director Apar Gupta posted on X to explain why these cannot be called “false alarms”.

“Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October 2019, state attackers targeted activists, and in July 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile. Secondly, Access Now and Citizen Lab last month have confirmed the validity of Apple’s threat notifications sent to Russian journalists, including Meduza’s publisher. These confirmations lend high credibility to such notifications. Thirdly, the Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called ‘The Predator Files’,” he said.

IT minister and BJP leader Ashwini Vaishnaw claimed that Apple’s notifications were “vague and non-specific”, and questioned whether Apple devices are really secure.

“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications,” Vaishnaw said. “In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state-sponsored attacks.”

Varadarajan is among half a dozen journalists in India, including The Wire‘s founding editor M.K. Venu, on whose phones Amnesty International’s Tech Lab found traces of Pegasus.

The Wire has written to Apple for comments on any further information it can share and this story will be updated when it does.

In 2021, the Pegasus Project had confirmed that more than a dozen phones in India – of politicians, journalists, human rights defenders and others – had been infected with the Israeli spyware which hundreds more had likely been targeted, including phones connected with the then Congress president Rahul Gandhi, lawyers, a sitting judge, an election commissioner, the ousted CBI director and family members of such persons also, just before and after the previous general elections in 2019.

The final report of a Supreme Court committee set up to investigate cases of the use of the military-grade spyware is yet to be made public. While the Modi government stonewalled demands from the court on whether it had used Pegasus, it has never denied buying and deploying the spyware. The Wire partnered with several global news outlets to unveil the cyber attacks by state-sponsored entities, as the spyware company NSO Group has always maintained it only sold Pegasus to governments. You can read about Project Pegasus here.

The Financial Times ran a report in March this year on alternatives to Pegasus being mulled over for purchase. The Indian government is scouring the globe for spyware it could use which has a “lower profile” than Pegasus.

FT wrote that the Modi government is willing to spend anywhere up to $120 million to obtain the spyware, citing people familiar with the matter. India’s defence ministry declined to comment on the report, the newspaper said.

In one significant case – the Elgar Parishad case in which 16 rights activists, lawyers and academics were arrested – independent cybersecurity companies have found that the activists’ devices were compromised with spyware and this technology was used to plant incriminating ‘evidence’ on the devices.

If you have received such an email from Apple, please get in touch with us at [email protected].