Technology company Apple on Thursday warned some users in India and 91 other countries that their iPhones may have been targeted by “mercenary spyware”, including the controversial Pegasus software, The Indian Express reported.

The company sent the emails to users in India around 12.30 am Indian Standard Time. It is unclear how many people received the warning.

The technology company has sent out similar notifications warning users of an attack several times since 2021. In October, Apple had warned several Indian Opposition leaders and at least four journalists that it believed that their iPhones may have been targeted by “state-sponsored attackers”.

However, in a subsequent clarification, the company said that it did not attribute the threat notifications to any specific state-sponsored attacker.

The threat notification in the early hours of Thursday did not attribute the suspected attacks to any stakeholder.

According to The Indian Express, the subject line on the email said: “ALERT: Apple detected a targeted mercenary spyware attack against your iPhone.”

The notification further said: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-…This attack is likely targeting you specifically because of who you are or what you do.”

The company also said that tools such as Pegasus were being used to target individuals globally.

The Pegasus spyware is licensed to governments around the world by the Israeli cyber intelligence company NSO Group. The company insists that it sells its software only to “vetted governments” with good human rights records and that it is intended to target criminals.

However, in July 2021, a consortium of international media organisations had reported that Pegasus was being used by governments around the world to snoop on critics.

Apple’s email notification on Thursday said that mercenary spyware attacks such as those using Pegasus were “exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware”, the Economic Times reported.

“These attacks cost millions of dollars and are individually deployed against a very small number of people, but the targeting is ongoing and global,” it said.

The technology company warned its users not to open links or attachments from unexpected or unknown senders.

Earlier notification

In October, Opposition leaders, including the Congress’ Shashi Tharoor, TS Singhdeo, Revanth Reddy, Pawan Khera and Supriya Shrinate, Aam Aadmi Party’s Raghav Chadha and Samajwadi Party’s Akhilesh Yadav had received messages from the firm saying that “state-sponsored attackers” were trying to compromise their devices.

Besides the Opposition leaders, at least five journalists had also received the message.

In its alert, Apple had warned that “if your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone”. The notification added: “While it’s possible this is a false alarm, please take this warning seriously.”

However, the company later clarified that it did not attribute the threat notifications to any specific state-sponsored attacker. An Apple spokesperson had said that the company was not specifically saying that the Indian government was responsible for these attacks, but added that it did not rule out the possibility.