Apple warns Iranian activists about spyware on iPhones

Wartime Cyber Crackdown and the Emergence of Mercenary Spyware Attacks - Miaan Group
https://miaan.org/wartime-cyber-crackdown-and-the-emergence-of-mercenary-spyware-attacks/

Apple alerted Iranians to iPhone spyware attacks, say researchers | TechCrunch
https://techcrunch.com/2025/07/22/apple-alerted-iranians-to-iphone-spyware-attacks-say-researchers/
On July 22, 2025, the Austin, Texas-based digital human rights organization Miaan Group released an intelligence report investigating the escalating cyber threats and digital repression in Iran. In the report, Miaan Group warned that cyber attacks against Iranians are shifting from indiscriminate to targeted spyware, that internet disruption and repression targeting ethnic minorities and civil society activists is intensifying, and that cyber attacks by Iranian activists are expanding globally to the UK, Germany, France, and other countries.

In addition, Miaan Group's research revealed that many Iranians received threat notifications from Apple in the first half of 2025. The victims included Iranian dissidents living in Iran and IT engineers with Iranian nationality living in Europe, whose iPhones were found to have spyware installed. Usually, victims of spyware are sent threat notification messages on their iPhones, but in this case, for the first time, they were notified in the form of a text message from Apple.

'The extreme cost, sophistication and global nature of these attacks make spyware attacks among the most sophisticated digital threats in existence today. These attacks are likely targeted specifically at you because of your identity or activities,' Apple's notice read. The notice added that 'Apple has a high degree of confidence in this alert.'

All 12 victims identified in this case work for the Iranian technology industry or government, and the damages are estimated to be in the millions of dollars. According to the Miaan Group, they are believed to be only a small fraction of the targets of the spyware.

Hamid Kashfi, a Sweden-based cybersecurity researcher who discovered another piece of Iranian spyware, concluded that it was likely that a 'zero-day, zero-click attack' was used, which does not require the victim to take any action such as clicking a link. 'Zero-click chains are more sophisticated, more expensive and a step above typical hacking campaigns, but this threat is not afraid to use them and is successful,' Kashfi said.

Amir Rashidi, director of digital rights and security at Miaan Group, told TechCrunch, 'The attack has been in three waves, and we believe what we have seen is just the tip of the iceberg. It is highly likely that the Iranian government is behind the attack, but further investigation is needed to make a more definitive determination.' Kashfi also said he could not confirm which spyware manufacturer was behind the attack, and more detailed investigations are underway.