Apple and Google Warn Users Worldwide of Unprecedented Activity by State-Linked Mercenary Spyware Groups
Apple and Google have issued a new round of cyberthreat notifications, alerting users across multiple countries to what they describe as an unprecedented surge in activity by state-linked mercenary spyware groups. The coordinated warnings signal growing concern among major technology companies about the scale, sophistication, and global reach of commercial surveillance actors operating on behalf of governments.
Unusual Volume of Threat Notifications
According to both companies, the latest notifications were sent to a significantly larger number of users than in previous campaigns. Apple confirmed that it has notified individuals in dozens of countries, while Google issued similar alerts through its Threat Analysis Group. The companies emphasized that this wave of alerts reflects a marked escalation in spyware operations rather than routine malicious activity.
The notifications were delivered directly to affected user accounts, warning them that their devices may have been targeted by highly sophisticated spyware designed to covertly monitor communications, access sensitive data, and track user activity without detection.
Mercenary Spyware Explained
Mercenary spyware refers to advanced surveillance tools developed by private companies and sold to government clients. These tools are capable of exploiting zero-day vulnerabilities, bypassing security protections, and operating stealthily on smartphones and other devices. Unlike common malware, mercenary spyware is typically deployed in targeted operations against specific individuals rather than at scale.
Such spyware has been repeatedly linked to surveillance of journalists, political figures, activists, lawyers, and civil society members. Both Apple and Google have previously taken legal and technical action against companies involved in developing and distributing these tools.
Technical Characteristics of the Attacks
The attacks associated with the latest warnings reportedly involve zero-click and low-interaction exploitation techniques, meaning users do not need to click on links or open malicious files to become compromised. These techniques often abuse flaws in messaging apps, media processing libraries, or browser components, making them difficult to detect and prevent.
Once deployed, the spyware can access messages, emails, call logs, photos, microphone input, and location data, effectively turning a personal device into a real-time surveillance tool.
Apple and Google’s Response
Apple stated that it has strengthened its threat detection systems and continues to harden its operating systems against advanced exploitation techniques. The company also reiterated its commitment to notifying users when it has high confidence that they are being targeted by state-sponsored or mercenary spyware operations.
Google echoed these concerns, noting that its security teams have observed increased coordination and resource investment by spyware operators. The company said it is expanding protections within Android and Google services, while continuing to track and disrupt spyware infrastructure.
Global and Political Implications
The warnings highlight the expanding global market for commercial surveillance technology and the blurred line between state intelligence operations and private-sector spyware vendors. Security experts note that the increasing accessibility of these tools lowers the barrier for governments to conduct digital surveillance, raising serious human rights and privacy concerns.
The fact that multiple technology giants issued warnings simultaneously suggests that the activity is not isolated to a single platform or region, but is part of a broader and coordinated threat landscape.
Guidance for Users
Users who receive these notifications are urged to take them seriously and follow recommended security steps, which typically include updating devices to the latest software versions, enabling enhanced security features, and seeking assistance from digital security professionals. Apple has previously recommended the use of Lockdown Mode for users who believe they may be at high risk of targeted attacks.
Both companies stressed that while these attacks are highly targeted and do not affect the majority of users, their potential impact is severe due to the level of access spyware can obtain.
Conclusion
The latest cyberthreat notifications from Apple and Google underscore a troubling escalation in the use of mercenary spyware by state-linked actors. As surveillance tools become more advanced and widely deployed, technology companies, governments, and civil society face growing pressure to address the risks posed to privacy, security, and fundamental rights in the digital age.