Apple has shared more than twelve Iranians in recent months that their iPhones had targeted them with government spyware, according to security researchers.
The Miaan Group, a digital rights organization focused on Iran, and Hamid Kashfi, a Iranian researcher in cyberspace living in Sweden, said they had spoken to several Iranians who received alerts last year.
Parachute wrote for the first time About these spyware notifications.
Miaan group posted a report On Tuesday on the situation of security in the cyberspace of civil society in Iran, which said the agency’s researchers have identified three cases of Spyware government attacks against Iranians, two in Iran and one in Europe, who were alerted in April.
“Two people in Iran come from a family with a long history of political activism against the Islamic Republic. Many members of their family have been executed and have no history of travel abroad,” said Amir Rashidi, Miaan Group’s digital rights and security manager. “I think there were three waves of attacks and we have only seen the tip of the iceberg.”
Rashidi said Iran is likely to be the government behind the attacks, although there should be more investigations into these attacks to achieve a more decisive determination. “I see no reason for members of civil society targeting anyone else than Iran,” he said.
Kashfi, who founded Darkcell Security Company, told an email that he helped two victims go through preliminary criminology steps, but failed to confirm which spyware manufacturer was behind the attacks. And, he added, some of the victims he worked with he preferred not to continue the investigation.
Contact us
Have you received an Apple threat alert? We would like to hear from you. From a device and non-work network, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or through the telegram and keybase @lorenzofb or email.
“Almost all of our victims have come out and seemed to us as soon as we explained the seriousness of the case, I guess partly because of the place of work and the sensitivity of the issues related to it,” said Kashfi, who added that one of the victims received the notice in 2024.
It is not clear which spyware manufacturer is behind these attacks.
In recent years, Apple has sent several rounds of alerts to people that the company believes has targeted with government spyware, such as NSO Group Pegasus or Paragon’s graphite. This kind of malicious software is also known as “Mercenary” or “Commercial” Spyware.
Alerts have helped security researchers focusing on Spyware to substantiate abuses in various countries such as India, El Salvador and Thailand.
On Apple Support Page For what the company calls “threat alerts”, which was recently informed in April, the technological giant said it has alerted users to “in more than 150 countries” by 2021, which shows how widespread the use of the government’s spyware. Apple does not reveal the names of the countries or the total number of people he has notified.
To help the victims last year, Apple recommended those who received these threat alerts to reach the ACCESSNOW Digital Rights Group, which manages a helping line around the clock staff with researchers who can investigate spyware attacks. Accessnow has documented cases of spyware abuse worldwide.
Apple did not respond to a request for comments about the notifications sent to the Iranians.
