Two months after several politicians and journalists claimed they had received alerts from Apple about “state-sponsored attackers”, an investigation by Amnesty International’s Security Lab in partnership with the Washington Post has now said that at least two journalists in India were recently targeted with Pegasus spyware on their iPhones.

Siddharth Varadarajan, founding editor of The Wire, and Anand Mangnale, the South Asia editor at The Organised Crime and Corruption Report Project, were among those recently targeted with Pegasus, with “the latest identified case” in October, it said.

Meanwhile, a Washington Post report claimed that after the Apple alerts, central government officials had called Apple’s India representatives “to demand that the company help soften the political impact of the warnings”. “They also summoned an Apple security expert from outside the country to a meeting in New Delhi, where government representatives pressed the Apple official to come up with alternative explanations for the warnings to users, the people said. They spoke on the condition of anonymity to discuss sensitive matters.”

The Amnesty report stated that the attempted targeting of Anand Mangnale’s phone happened at a time when he was “working on a story about an alleged stock manipulation by a large multinational conglomerate in India”.

Amnesty’s statement said Varadarajan was targeted with Pegasus in 2018 and again on October 16, 2023. “The same attacker-controlled email address used in the Pegasus attack against Anand Mangnale was also identified on Siddharth Varadarajan’s phone, confirming that both journalists were targeted by the same Pegasus customer.”

“The Security Lab also identified an attacker-controlled email address used as part of the Pegasus attack on his (Mangnale’s) device. The recovered samples are consistent with the NSO Group’s BLASTPASS exploit, publicly identified by Citizen Lab in September 2021 and patched by Apple in iOS 16.6.1 (CVE-2023-41064).”

Newslaundry had earlier reported about the Apple alerts and how a section of the media had tried to dismiss the allegations, including a claim about an “algorithm malfunction”.  

According to Apple’s website, if Apple discovers activity “consistent with a state-sponsored attack, we will notify the targeted users in two ways”, including by email. Apar Gupta, founder of the Internet Freedom Foundation, had tweeted at length about why these emails should not be considered “false alarms”.

Newslaundry emailed Apple’s official spokesperson a set of questions on whether the company had sent the alerts, the origin of the alleged attacks, the number of users who received these alerts, and how Apple identifies such attacks.

In response, Apple said it does not attribute the notifications to “any specific state-sponsored attackers”.

“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” the company said.

Newslaundry learned that since the threat notifications feature was enabled, these notifications have been sent to individuals whose accounts are in nearly 150 countries.

Importantly, these developments come nearly two years after India reportedly used Israeli spyware for targeted surveillance. Get all the details here.