Comment on this storyCommentAdd to your saved storiesSave
NEW DELHI — Apple has warned at least 20 prominent Indians, including opposition politicians and journalists, that they were the target of state-sponsored cyberattacks in a development that revived allegations that the government is using electronic surveillance against its domestic political rivals and critics.
Members of Parliament from several opposition parties, including the Trinamool Congress Party, the Indian National Congress and the Aam Aadmi Party, posted screenshots of emails from Apple informing them that their iPhones had been the target of hacking attempts, they said on X, the social media platform formerly known as Twitter.
Several journalists critical of the ruling Bharatiya Janata Party-led government, including reporters from the Organized Crime and Corruption Reporting Project and The Wire — as well as the head of a government-linked think tank in New Delhi — also shared similar notices from Apple.
The spyware is sold to governments to fight terrorism. In India, it was used to hack journalists and others.
The flurry of notices, sent by Apple late Monday and early Tuesday, did not name the Indian government as the perpetrator or say whether the hacking attempts were successful. An Apple spokesman clarified that the company “does not attribute the threat notifications to any specific state-sponsored attacker.”
Ashwini Vaishnaw, the BJP minister of railways, communications, electronics and information technology, said on X that the Indian government “takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications.”
“Much of information by Apple on this issue seems vague and nonspecific in nature,” Vaishnaw said. “Apple states these notifications maybe based on information which is ‘incomplete or imperfect.’ It also states that some Apple threat notifications maybe false alarms or some attacks are not detected.”
But opposition politicians immediately accused the Modi government of snooping and pointed to its record of facing similar hacking allegations.
In 2021, hundreds of Indian phone numbers were found on a leaked list of potential targets for surveillance by users of Pegasus, a military-grade spyware that can crack Apple and Android smartphones. The list included phone numbers belonging to the opposition leader Rahul Gandhi, journalists and senior bureaucrats and Supreme Court judges, The Washington Post found as part of a joint investigation with the Forbidden Stories journalism nonprofit.
Phone of Indian activist jailed on terrorism charges was infected with Pegasus spyware, new analysis finds
The Indian government has never confirmed or denied its use of Pegasus; its developer, the Israeli firm NSO Group, has said the spyware is sold exclusively to government agencies. Citing publicly available customs records, the Organized Crime and Corruption Reporting Project disclosed last year that India’s Intelligence Bureau received a shipment of hardware from NSO’s office in Israel matching the description of equipment used to run Pegasus.
At least one person whose phone was found to be infected by Pegasus in 2021 — the journalist Siddarth Varadarajan, founder of the online news organization The Wire — received notifications from Apple this week that he was being targeted by a state-linked actor. Two Indian journalists with OCCRP also reported receiving the threat alerts.
Other iPhone users who said they received the alerts included Mahua Moitra, a member of Parliament from the Trinamool Congress Party, Priyanka Chaturvedi, a leader in a splinter faction of the Shiv Sena party that opposes the BJP, and several of Gandhi’s aides, the Congress party leader said at a news conference.
In its notice, Apple warned users that hackers could access their iPhone’s sensitive data, communications, camera and microphone.
Apple’s latest warnings were a reminder that “we need a clear answer from the Indian government on the use of spyware and hack for hire entities,” said Raman Jit Singh Chima, Asia Policy Director at Access Now, a digital rights group. “Accountability is the first necessary step to stop India’s descent into a surveillance state.”
An Apple spokesman added Tuesday that threat alerts have been issued broadly, not just in India, since they were implemented in 2021. “Apple has sent Threat Notifications to individuals whose accounts are in nearly 150 countries,” he said.
Apple’s revelations — even if they do not point to the Indian government — come at a sensitive time. The Cupertino, Calif.-based company has been in talks with the Indian government about expanding its footprint in India as it diversifies its supply chain outside China.
Apple is also looking to make inroads with consumers and opened its first retail store in India in April at a launch attended by Chief Executive Tim Cook. The company saw annual sales in India rise almost 50 percent to $6 billion during the year ending in March 2023, Bloomberg News reported.