Apple informed more than a dozen Iranians in recent months that their iPhones had been targeted with government spyware, according to security researchers.
Miaan Group, a digital rights organization that focuses on Iran, and Hamid Kashfi, an Iranian cybersecurity scientist living in Sweden, said they spoke with several Iranians who received notifications in the past year.
Bloomberg first wrote about these spyware messages.
Miaan Group on Tuesday announced a report on the state of civil society in Iran, which mentioned that the organization’s researchers had identified three cases of government spyware attacks against Iranians, two in Iran and one in Europe, who were warned in April this year.
“Two people in Iran come from a family with a long history of political activism against the Islamic Republic. Many members of their family have been executed and they have no history of traveling abroad,” Amir Rashidi, Miaan Group’s Director of Digital Rights and Security, told TechCrunch. “I think there have been three waves of attacks and we have only seen the tip of the iceberg.”
Rashidi said Iran is likely to be the government behind the attacks, although several investigations of these attacks would be needed to reach a more final determination. “I see no reason why members of civil society are targeted by anyone other than Iran,” he said.
Kashfi, who founded the security company Darkcell, said in an email that he helped two victims through preliminary forensic steps, but he was unable to confirm which spyware producer was behind the attacks. And, he added, some of the victims he worked with preferred not to continue the investigation.
“Virtually all victims spread us out and joked us as soon as we explained the seriousness of the case to them. I suppose partly because of their workplace and sensitivity in the questions related to it,” said Kashfi, who added that one of the victims received the notification in 2024.
It is unclear which spyware maker is behind these attacks.
Over the past few years, Apple has sent several rounds of notifications to people the company believes have been targeted with government spyware, such as NSO Group’s Pegasus or Paragon’s Graphite. This type of malware is also known as “mercenary” or “commercial” spyware.
The notifications have helped security researchers focusing on spyware to document abuses in several countries such as India, El Salvador and Thailand.
On Apple’s support page for what the company calls “threat messages”, last updated in April, the tech giant said it has notified users in “over 150 countries” since 2021, showing how widespread the use of government spyware is. Apple does not reveal the names of the countries or the total number of people it has notified.
To help victims, Apple has since last year recommended that those who receive these threat messages reach out to the digital rights group Access Now, which runs a helpline staffed by researchers who can investigate spyware attacks. Access Now has documented cases of spyware abuse worldwide.
Apple did not respond to a request for comment on the messages sent to Iranians.