
You've been targeted by government spyware. Now what?

December 29, 2025
By ZadeNor AI Team

It was a normal day when Jay Gibson got an unexpected notification on his iPhone. "Apple detected a targeted mercenary spyware attack against your iPhone," the message read. Gibson, a former employee of companies that developed spyware, was shocked to receive such a notification on his own phone. He called his father, turned off his phone and put it away, and went to buy a new one.

"I was panicking," he told TechCrunch. "It was a mess. It was a huge mess."

Gibson is just one of an ever-increasing number of people who are receiving notifications from companies like Apple, Google, and WhatsApp, all of which send similar warnings about spyware attacks to their users. Tech companies are increasingly proactive in alerting their users when they become targets of government hackers, and in particular those who use spyware made by companies such as Intellexa, NSO Group, and Paragon Solutions.

What Happens Next?

If you receive one of these warnings, it's essential to take it seriously. These companies have reams of telemetry data about their users and what happens on both their devices and their online accounts. These tech giants have security teams that have been hunting, studying, and analyzing this type of malicious activity for years. If they think you have been targeted, they are probably right.

It's crucial to note that in the case of Apple and WhatsApp notifications, receiving one doesn't mean you were necessarily hacked. It's possible that the hacking attempt failed, but they can still tell you that someone tried.

What to Do Next

In the case of Google, it's most likely that the company blocked the attack, and is telling you so you can go into your account and make sure you have multi-factor authentication on (ideally a physical security key or passkey), and also turn on its Advanced Protection Program, which also requires a security key and adds other layers of security to your Google account. In other words, Google will tell you how to better protect yourself in the future.

In the Apple ecosystem, you should turn on Lockdown Mode, which switches on a series of security features that make it more difficult for hackers to target your Apple devices. Apple has long claimed that it has never seen a successful hack against a user with Lockdown Mode enabled, but no system is perfect.

Advice from Experts

Mohammed Al-Maskati, the director of Access Now's Digital Security Helpline, a 24/7 global team of security experts who investigate spyware cases against members of civil society, shared with TechCrunch the advice that the helpline gives people who are concerned that they may be targeted with government spyware.

This advice includes:

  • Keeping your devices' operating systems and apps up-to-date
  • Switching on Apple's Lockdown Mode, and Google's Advanced Protection for accounts and for Android devices
  • Being careful with suspicious links and attachments
  • Restarting your phone regularly
  • Paying attention to changes in how your device functions

Reaching Out for Help

What happens next depends on who you are. If you are a journalist, dissident, academic, or human rights activist, there are a handful of organizations that can help.

You can turn to Access Now and its Digital Security Helpline. You can also contact Amnesty International, which has its own team of investigators and ample experience in these cases. Or, you can reach out to The Citizen Lab, a digital rights group at the University of Toronto, which has been investigating spyware abuses for almost 15 years.

Investigation

What happens next depends on who you go to for help. Generally speaking, the organization you reach out to may want to do an initial forensic check by looking at a diagnostic report file that you can create on your device, which you can share with the investigators remotely. At this point, this doesn't require you to hand over your device to anyone.

This first step may be able to detect signs of targeting or even infection. It may also turn up nothing. In both cases, the investigators may want to dig deeper, which will require you to send in a full backup of your device, or even your actual device. At that point, the investigators will do their work, which may take time because modern government spyware attempts to hide and delete its tracks, and then tell you what happened.

Unfortunately, modern spyware may not leave any traces. The modus operandi these days, according to Hassan Selmi, who leads the incident response team at Access Now's Digital Security Helpline, is a "smash and grab" strategy, meaning that once spyware infects the target device, it steals as much data as it can, and then tries to remove any trace and uninstall itself. This is assumed to be the spyware makers trying to protect their product and hide its activity from investigators and researchers.

Conclusion

We hope you never get one of these notifications. But we also hope that, if you do, you find this guide useful. Stay safe out there.


Lorenzo Franceschi-Bicchierai

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.

You can contact or verify outreach from Lorenzo by emailing [email protected], via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.


Source: https://techcrunch.com/2025/12/29/youve-been-targeted-by-government-spyware-now-what/

About the Author

ZadeNor AI Team is a leading expert in AI, contributing to cutting-edge research and development in the field.