Apple alerted Iranians to iPhone spyware attacks, say researchers
Apple has recently issued critical warnings to more than a dozen Iranian iPhone users, alerting them to sophisticated government-backed spyware attacks. This concerning development was brought to light by security researchers, highlighting the escalating digital threats faced by individuals globally.
According to reports from Miaan Group, a digital rights organization focused on Iran, and Hamid Kashfi, a Sweden-based Iranian cybersecurity researcher, multiple Iranians have confirmed receiving these urgent notifications from Apple over the past year. These alerts suggest that their devices may have been compromised by highly advanced surveillance tools, typically reserved for governmental use.
The initial revelation of these spyware alerts targeting Iranians was first reported by Bloomberg, underscoring the severity and widespread nature of such digital incursions.
Further substantiating these claims, Miaan Group published a comprehensive report on Tuesday detailing the state of cybersecurity within Iranian civil society. The report specifically cited three confirmed instances of government spyware attacks against Iranians, with two victims residing in Iran and one in Europe, all receiving Apple’s alerts in April of the current year.
Amir Rashidi, the director of digital rights and security at Miaan Group, elaborated on the findings, stating, “Two people in Iran come from a family with a long history of political activism against the Islamic Republic. Many members of their family have been executed, and they have no history of traveling abroad.” Rashidi expressed his belief that these incidents represent “three waves of attacks,” suggesting that the observed cases are merely “the tip of the iceberg.” While acknowledging the need for further investigation, Rashidi strongly suspects the Iranian government is behind these assaults, asserting, “I see no reason for members of civil society to be targeted by anyone other than Iran.”
Hamid Kashfi, founder of the security firm DarkCell, confirmed his involvement in assisting two of the affected individuals through initial forensic procedures. However, he was unable to definitively identify the specific spyware manufacturer responsible for the attacks. Kashfi noted the challenges in full investigation, as several victims were reluctant to continue due to the sensitive nature of their work and the potential ramifications, with some “spooked out and ghosted us as soon as we explained the seriousness of the case to them,” as one victim received their notification in 2024.
The precise identity of the spyware makers remains unconfirmed in these specific Iranian cases. However, Apple has a history of issuing numerous threat notifications over the years, alerting users to mercenary or commercial spyware attacks, including those involving notorious malware like NSO Group’s Pegasus and Paragon’s Graphite. These alerts have been instrumental in helping security researchers document a wide array of abuses across various countries, including India, El Salvador, and Thailand.
Apple’s dedicated support page on “threat notifications,” last updated in April, reveals the global scale of this issue, stating that since 2021, the tech giant has notified users in “over 150 countries” about potential targeting by government-backed spyware. While Apple refrains from disclosing the names of specific countries or the total number of individuals notified, this statistic underscores the pervasive nature of state-sponsored digital surveillance.
To further aid victims, Apple initiated a program last year recommending those who receive these critical threat notifications to seek assistance from AccessNow, a leading digital rights organization. AccessNow operates a 24/7 helpline staffed by expert researchers dedicated to investigating spyware attacks, having documented numerous cases of spyware abuse worldwide.
When contacted for comment regarding the notifications sent to Iranian users, Apple did not provide an immediate response.
