Apple, Google Warn of State Spyware Attacks Worldwide

Alerts follow Intellexa-linked intrusions exploiting zero-day flaws across dozens of countries

MIT SMR Editors December 11, 2025

Topics

Apple and Google last week issued global threat notifications to users, warning that some devices may have been hacked by state-backed actors using mercenary spyware.

Google’s alert, issued December 3, named Intellexa, a surveillance vendor under US sanctions, as the culprit, saying several hundred accounts across Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia and Tajikistan were targeted.

The company’s Threat Intelligence Group described Intellexa as “one of, if not the most, prolific spyware vendors exploiting zero-day vulnerabilities against mobile browsers.”

According to independent forensic analysis by Amnesty International and multiple security firms, Intellexa’s flagship spyware, known as “Predator,” continues to evolve despite sanctions.

Researchers uncovered leaked internal documents, marketing materials and exploit code that show the company buying or developing zero-day flaws and deploying them via sophisticated mechanisms including malicious ads and one-click or zero-click exploit chains.

The timing of Google’s disclosure coincided with a notification from Apple on December 2, which said it had issued threat alerts to users in more than 150 countries, but offered few details on the number of affected accounts or the identity of the attackers.

The fresh wave of alerts points to how commercial spyware, often marketed to governments and intelligence services, remains one of the most persistent and opaque global cyber-threats.

Experts said the notifications risk derailing surveillance campaigns now, and often trigger investigations by authorities into misuse of spyware.

Topics

About the Author

Tags:

Apple Google

Topics

Share