IT Response Team Begins Investigation Into "State-Sponsored Attack" Notification Case, Sends Notice To Apple

CERT-In (Indian Computer Emergency Response Team), the national agency responsible for addressing computer security incidents, has initiated an investigation into the Apple threat notification issue that was raised by opposition MPs.

According to News18, Electronics and Information Technology Secretary S. Krishnan confirmed on Thursday (2 November) that a notice has been sent to the company. Krishnan expressed his hope that Apple would cooperate with CERT-In's investigation into the matter.

He stated, "CERT-In has commenced its inquiry, and they (Apple) will collaborate in this investigation," as quoted by the news agency PTI during an event related to the Meity-NSF research collaboration.

The controversy began when several opposition leaders claimed to have received alerts from Apple warning them of "state-sponsored attackers attempting to remotely compromise" their iPhones.

They alleged government-sponsored hacking, a charge that IT Minister Ashwini Vaishnaw denied but promised a thorough investigation.

Vaishnaw expressed "concerns" about the snooping allegations made by opposition leaders and announced an investigation. He also requested that tech giant Apple participate in the investigation by providing genuine and accurate information regarding the "alleged state-sponsored attacks."

In the midst of this, Apple released a statement addressing the issue, stating that it does not attribute the threat notifications to any specific state-sponsored attacker.

According to Apple, state-sponsored attackers are well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on imperfect and incomplete threat intelligence signals.

Apple noted that some threat notifications may be false alarms, and some attacks may go undetected. Apple explained that they are unable to provide specific details about the reasons for issuing threat notifications, as doing so could potentially help state-sponsored attackers adapt their behavior to evade detection.