Hustler Words – Apple has reportedly alerted a number of Iranian iPhone users to potential spyware attacks orchestrated by government entities. Security researchers from the Miaan Group, a digital rights organization focused on Iran, and independent cybersecurity expert Hamid Kashfi, have confirmed that they’ve spoken with multiple Iranians who received these threat notifications from Apple in recent months.
The initial report of these notifications was first published by Bloomberg.
Miaan Group released a report on Tuesday detailing the cybersecurity landscape for civil society within Iran. The report highlights three specific instances of government-sponsored spyware attacks targeting Iranians, with two occurring within Iran and one in Europe. All three victims received alerts from Apple in April of this year.
Related Post
Amir Rashidi, Miaan Group’s director of digital rights and security, stated that two of the individuals targeted in Iran come from a family with a deep history of political activism against the Islamic Republic. He emphasized that many family members have been executed and that the individuals have no history of international travel. "I believe there have been three waves of attacks, and we have only seen the tip of the iceberg," Rashidi told hustlerwords.com.
While Rashidi believes the Iranian government is the likely culprit, he stressed the need for further investigation to reach a definitive conclusion. "I see no reason for members of civil society to be targeted by anyone other than Iran," he added.
Kashfi, founder of the security firm DarkCell, assisted two victims with preliminary forensic analysis. However, he was unable to identify the specific spyware vendor responsible for the attacks. He also noted that some victims were hesitant to continue the investigation.
"Pretty much all victims spooked out and ghosted us as soon as we explained the seriousness of the case to them. I presume partly because of their place of work and sensitivity of the matters related to that," Kashfi said, noting that one victim received the notification in 2024.
The specific spyware used in these attacks remains unknown.
Over the past several years, Apple has issued numerous rounds of notifications to users believed to be targeted by government spyware, including tools like NSO Group’s Pegasus and Paragon’s Graphite. These types of malware are often referred to as "mercenary" or "commercial" spyware.
These notifications have been instrumental in helping security researchers document spyware abuses in countries such as India, El Salvador, and Thailand.
Apple’s support page for "threat notifications," last updated in April, states that the company has notified users in over 150 countries since 2021, highlighting the widespread use of government spyware. Apple does not disclose the specific countries or the total number of individuals notified.
To assist victims, Apple has recommended that those who receive threat notifications contact AccessNow, a digital rights group that operates a 24/7 helpline staffed with researchers who can investigate spyware attacks. AccessNow has documented numerous cases of spyware abuse worldwide.
Apple has not yet responded to requests for comment regarding the notifications sent to Iranian users.
Leave a Comment