In recent months, Apple has alerted multiple Iranian citizens that their iPhones were likely targeted by advanced government spyware, according to cybersecurity specialists and a digital rights group monitoring the region.
The Miaan Group, a nonprofit that advocates for digital freedom in Iran, along with cybersecurity researcher Hamid Kashfi, reported that they’ve spoken to a number of Iranians who received these warnings over the past year. A new report released by the Miaan Group on Tuesday highlights three confirmed cases of spyware targeting: two within Iran and one involving an Iranian living in Europe. All three received notifications from Apple in April.
Amir Rashidi, who heads the Miaan Group’s digital rights and security division, revealed that two of the victims reside in Iran and belong to a family known for its political dissent against the Iranian government — with a history of family members being executed. These individuals, he noted, have never left the country. Rashidi believes these incidents represent just a small portion of a broader, ongoing campaign. “We’re likely only seeing the surface,” he commented, adding that Iran is the most probable source of the attacks, though further investigation is needed to make a definitive conclusion.
Kashfi, the founder of cybersecurity firm DarkCell and based in Sweden, said he assisted two victims in conducting preliminary forensic checks. However, he couldn’t determine which spyware was used. He also noted that many victims were reluctant to proceed with the investigation due to fear and the sensitive nature of their professions. “Nearly everyone we tried to assist backed away after realizing the gravity of the situation,” Kashfi explained. One of the individuals he assisted reportedly received Apple’s alert in early 2024.
While the exact spyware vendor involved remains unknown, Apple has in the past notified users about attacks involving sophisticated surveillance tools like Pegasus by NSO Group or Graphite by Paragon. These commercial spyware tools are typically deployed by state actors against journalists, activists, and political opponents.
Apple has been issuing these threat alerts since 2021 and has reportedly notified users in more than 150 countries. Although Apple does not disclose which countries are involved or how many people were warned, its alerts have helped researchers uncover spyware abuses globally — including in India, Thailand, and El Salvador.
To support affected individuals, Apple recommends contacting AccessNow, a digital rights group offering around-the-clock assistance for spyware victims.
