Apple has notified more than a dozen Iranians in recent months that their iPhones have been targeted by government spyware, according to security researchers.
The Miaan Group, a digital rights organization that focuses on Iran, and Hamid Kashfi, an Iranian cybersecurity researcher based in Sweden, said they have spoken to several Iranians who have received such notifications over the past year.
These spyware notifications were first reported by Bloomberg.
On Tuesday, the Miaan Group published a report on the state of civil society cybersecurity in Iran, which mentions that the organization’s researchers have discovered three cases of government spyware attacks on Iranians, two in Iran and one in Europe, which were warned in April of this year.
“Two people in Iran come from a family with a long history of political activism against the Islamic Republic. Many of their family members have been executed, and they have never traveled abroad,” Amir Rashidi, director of digital rights and security at Miaan Group, told TechCrunch. “I believe there have been three waves of attacks, and we’ve only seen the tip of the iceberg.”
Rashidi said the Iranian government is likely behind the attacks, although more investigations into the attacks are needed to reach a more definitive conclusion. “I see no reason why members of civil society would be targeted by anyone other than Iran,” he said.
Kashfi, who founded the security firm DarkCell, said in an email that he had helped two of the victims pass preliminary examinations, but he could not confirm which spyware maker was behind the attacks. In addition, he added that some of the victims he worked with chose not to pursue the investigation.
“Almost all of the victims got scared and started harassing us as soon as we explained the seriousness of the case. I assume this is partly due to their place of work and the sensitivity of the issues involved,” said Kashfi, who added that one of the victims received a message in 2024.
It is unclear which spyware vendor is behind the attacks.
Over the past few years, Apple has sent messages several times to people it believes have been targeted by government spyware, such as NSO Group’s Pegasus or Paragon’s Graphite. This type of malware is also known as “mercenary” or “commercial” spyware.
The alerts have helped security researchers working on spyware to document abuse in several countries, including India, El Salvador, and Thailand.
On Apple’s support page, which the company calls “threat reports,” last updated in April, the tech giant said that since 2021 it has notified users “in over 150 countries,” showing how widespread the use of government spyware is. Apple does not disclose the names of the countries or the total number of people it has notified.
To help victims, since last year, Apple has been recommending that those who receive these threat notifications contact the digital rights group AccessNow, which has a 24-hour hotline staffed by researchers who can investigate spyware attacks. AccessNow has documented cases of spyware abuse around the world.
