MeitY Issues Notice to Apple After New Mercenary Spyware Alerts

The Ministry of Electronics and Information Technology (MeitY) has issued a formal notice to Apple after the technology giant sent a fresh round of “mercenary spyware” threat notifications to multiple users in India. Officials familiar with the matter said the notice seeks clarity on the nature, scope, and technical basis of the alerts, which flagged potential attempts to remotely compromise Apple devices.

The development comes after the Indian Computer Emergency Response Team (CERT-In) released an advisory urging affected users to immediately update their devices and take additional security precautions. According to CERT-In, Apple warned certain users that their Apple IDs may have been targeted by advanced surveillance tools commonly associated with state-sponsored or commercial spyware operators.

In its advisory issued on December 5, CERT-In asked users who received Apple’s notification to install the latest operating system update, enable enhanced security features such as Lockdown Mode, and remain cautious of unusual prompts or messages. The agency also offered technical assistance to concerned users, advising them to contact CERT-In directly for device examination and support.

The recent alerts are part of a broader global notification cycle carried out by Apple and Google on December 2 and 3. Such warnings are typically reserved for high-risk scenarios where sophisticated actors attempt to exploit zero-day vulnerabilities to gain covert access to devices. Apple, however, does not publicly attribute these attacks to any specific country or organisation, citing the sensitive nature of its threat intelligence methods.

Cybersecurity experts say the renewed alerts highlight the growing sophistication of commercial surveillance tools and the challenges governments face in containing their spread. Meghna Bal, director at the Esya Centre, noted that mercenary spyware weakens overall cybersecurity resilience and creates opportunities for wider exploitation beyond targeted surveillance.

“These tools don’t just threaten individuals — they erode trust in digital ecosystems. The same vulnerabilities can be repurposed by other hostile actors,” she said, adding that international cooperation and non-proliferation norms are increasingly necessary.

This is not the first time Apple’s spyware warnings have triggered official engagement in India. In 2023, MeitY sought explanations after journalists and opposition leaders reported receiving similar alerts. Apple later clarified to Indian authorities that the notifications were generated using internal security signals and were not aimed at or coordinated with any government action.

Officials said MeitY is now awaiting Apple’s response to the latest notice, particularly regarding whether Indian users were part of a wider global targeting pattern and what mitigation steps are being taken at the platform level.

As digital risks grow more complex, governments and enterprises operating internationally are paying closer attention to cyber hygiene, regulatory compliance, and cross-border data exposure—factors that are increasingly relevant for organisations planning a business setup in dubai where technology governance and international operations often intersect.