In recent months, Apple has proactively notified over a dozen Iranian iPhone users that their devices were targeted by advanced spyware, according to security researchers. These alerts, sent via email and iMessage, informed recipients of potential mercenary spyware attacks aimed at compromising their devices.
The Miaan Group, a digital rights organization focusing on Iran, and Hamid Kashfi, a Sweden-based Iranian cybersecurity researcher, have engaged with several individuals who received these notifications over the past year. Their findings indicate that the attacks targeted both individuals within Iran and Iranians residing abroad.
In a report published on July 22, 2025, the Miaan Group detailed three specific instances of government spyware attacks against Iranians—two within the country and one in Europe. These individuals were alerted by Apple in April of this year. Amir Rashidi, the group’s director of digital rights and security, highlighted that two of the victims in Iran belong to a family with a longstanding history of political activism against the Islamic Republic. He emphasized the gravity of the situation, stating, I believe there have been three waves of attacks, and we have only seen the tip of the iceberg.
While the exact origin of these attacks remains unconfirmed, Rashidi suggests that the Iranian government is the likely perpetrator, given the targeted nature of the assaults on civil society members. He remarked, I see no reason for members of civil society to be targeted by anyone other than Iran.
Kashfi, founder of the security firm DarkCell, assisted two victims with preliminary forensic analyses but was unable to determine the specific spyware used. He noted that some victims were hesitant to continue the investigation due to concerns about their professional affiliations and the sensitive nature of the matter. Pretty much all victims spooked out and ghosted us as soon as we explained the seriousness of the case to them, Kashfi observed.
The specific spyware involved in these attacks has not been identified. However, Apple has a history of notifying users targeted by government-grade spyware, such as NSO Group’s Pegasus and Paragon’s Graphite. These notifications have been instrumental in helping security researchers document abuses in countries like India, El Salvador, and Thailand.
According to Apple’s support page on threat notifications, updated in April, the company has alerted users in over 150 countries since 2021, underscoring the global prevalence of government spyware. Apple does not disclose the specific countries or the total number of individuals notified.
To assist victims, Apple recommends enabling the iPhone’s Lockdown Mode, which offers robust protection against such attacks. Users are also advised to update their devices to the latest software versions and exercise caution with links and attachments from unknown sources. Additionally, Apple suggests seeking expert assistance from digital rights organizations like Access Now, which operates a 24/7 helpline staffed with researchers capable of investigating spyware incidents.
Apple has not provided further comments on the notifications sent to Iranian users.
