Developer Jay Gibson recently contacted TechCrunch to recount his experience of being targeted by a state-sponsored spyware attack. Gibson first learned of the incident after receiving a notification from Apple, which stated that his iPhone had been the target of a mercenary spyware operation.
A mercenary spyware attack refers to an operation in which a government or state entity pays a spyware developer to target specific individuals. One of the most infamous examples is Pegasus, the spyware developed by Israel's NSO Group, which was capable of fully compromising iOS devices to conduct extensive surveillance.
Gibson, ironically, works in the same field. He specializes in discovering zero-day vulnerabilities in iOS and developing them into exploit frameworks. As part of his work, he has created monitoring technologies for Trenchant, a Western manufacturer of government hacking tools. In an unexpected twist, this developer of spyware found himself the victim of an unknown spyware attack.
Following its investigation, TechCrunch discovered that Gibson was not alone. In recent months, other spyware and exploit developers have also received Apple's threat notifications, warning them that their devices may have been targeted by state-backed spyware.
Gibson said he never imagined he would become a target himself. Upon receiving Apple's warning, he felt shocked, distressed, and deeply afraid. To safeguard himself, he immediately shut down all his existing devices and purchased new ones.
Although Gibson has sought assistance from a digital forensics firm, analyzing whether a device has been infected and identifying possible attack vectors requires access to complete backup data for log examination. Such attacks typically exploit zero-day vulnerabilities and implant malicious payloads through stealthy infection methods. However, Gibson refused to provide his full backups, saying he felt uncomfortable doing so, presumably due to the presence of sensitive personal data.
Without complete data, forensic experts were unable to conduct a thorough investigation. Thus, aside from Apple's alert, there was no definitive evidence to confirm that Gibson's device had indeed been compromised.
About a month before receiving Apple's notification, Gibson was still employed by Trenchant. He had been invited to the company's London office for a team-building event. Upon arrival, he was immediately called into a meeting room, where the general manager of Trenchant joined via video conference and accused him of double employment. Gibson was suspended on the spot, and all his work devices were confiscated for internal investigation.
Two weeks later, Trenchant decided to terminate his employment, offering him a settlement agreement and compensation. However, the company refused to disclose the results of its internal device analysis, leaving no evidence that Gibson had ever engaged in double employment.
Later, a former colleague told Gibson that the company suspected him of leaking undisclosed Chrome browser vulnerabilities developed internally at Trenchant. Yet, Gibson insists this would have been impossible, as different teams at the company worked in strict isolation; his own role in iOS exploit development gave him no access to Chrome-related vulnerabilities.
Believing he had been made a scapegoat, Gibson claims that Trenchant, upon discovering a leak in its Chrome exploits, sought someone to blame, and he became the fall guy.