Apple Warns Dozens of Iranians Their iPhones Were Targeted by Government Spyware

Apple has recently notified more than a dozen Iranians that their iPhones may have been targeted with government-grade spyware, according to cybersecurity researchers.

The Miaan Group, a digital rights organization focused on Iran, along with Iranian cybersecurity expert Hamid Kashfi, said they’ve spoken with several individuals who received these warnings over the past year. Bloomberg was the first to report on these spyware alerts.

Source:Pixabay

On Tuesday, the Miaan Group released a report on the state of cybersecurity for Iranian civil society. In it, the group detailed three confirmed cases of spyware targeting Iranians two inside Iran and one in Europe all of whom received Apple’s warning in April.

“Two of the victims in Iran come from a family known for opposing the Islamic Republic. Many of their relatives have been executed, and they’ve never even traveled abroad,” said Amir Rashidi, director of digital rights and security at the Miaan Group, in a statement to TechCrunch. “We believe these attacks have occurred in three waves, and what we’ve seen so far may just be the beginning.”

While Rashidi suspects the Iranian government is likely behind the attacks, he stressed that further investigation is needed to confirm the source. “There’s no clear reason why members of civil society would be targeted by anyone other than Iran,” he said.

Kashfi, who heads the security firm DarkCell, said in an email that he assisted two victims with preliminary forensic analysis, though he couldn't identify which spyware vendor was responsible. He also noted that some victims chose not to pursue further investigation.

”Pretty much all victims spooked out and ghosted us as soon as we explained the seriousness of the case to them. I presume partly because of their place of work and sensitivity of the matters related to that,” said Kashfi, who added that one of the victims received the notification in 2024. 

It's still unknown which company is behind the spyware used in these recent attacks.

In recent years, Apple has issued multiple waves of alerts to individuals it suspects were targeted with government-grade spyware, including tools like NSO Group’s Pegasus and Paragon’s Graphite. These types of malware often referred to as “mercenary” or “commercial” spyware are sold to governments and used to infiltrate personal devices.

Apple’s threat notifications have played a key role in helping spyware researchers uncover abuses in countries like India, El Salvador, and Thailand.

According to Apple’s support page on “threat notifications,” last updated in April, the company has alerted users in more than 150 countries since 2021 a sign of just how widespread government spyware has become. However, Apple does not name the countries involved or share how many individuals have been notified.

To support those targeted, Apple has encouraged recipients of these alerts to contact AccessNow, a digital rights organization that operates a 24/7 helpline. The group’s experts assist victims in investigating potential spyware infections and have documented cases of spyware abuse globally.

Apple declined to comment on the recent notifications sent to Iranians.