\n<\/p>\n
Apple notified more than a dozen Iranians in recent months that their iPhones had been targeted with government spyware<\/a>, according to security researchers.<\/p>\n Miaan Group, a digital rights organization that focuses on Iran, and Hamid Kashfi, an Iranian cybersecurity researcher who lives in Sweden, said they spoke with several Iranians who received the notifications in the last year.\u00a0<\/p>\n Bloomberg first wrote<\/a> about these spyware notifications.<\/p>\n Miaan Group published a report<\/a> on Tuesday on the state of cybersecurity of civil society in Iran, which mentioned that the organization\u2019s researchers have identified three cases of government spyware attacks against Iranians, two in Iran and one in Europe, who were alerted in April of this year.<\/p>\n \u201cTwo people in Iran come from a family with a long history of political activism against the Islamic Republic. Many members of their family have been executed, and they have no history of traveling abroad,\u201d Amir Rashidi, Miaan Group\u2019s director of digital rights and security, told TechCrunch. \u201cI believe there have been three waves of attacks, and we have only seen the tip of the iceberg.\u201d<\/p>\n Rashidi said that Iran is likely the government behind the attacks, although there needs to be more investigations into these attacks to reach a more conclusive determination. \u201cI see no reason for members of civil society to be targeted by anyone other than Iran,\u201d he said.<\/p>\n Kashfi, who founded the security firm DarkCell, said in an email that he helped two victims go through preliminary forensics steps, but he wasn\u2019t able to confirm which spyware maker was behind the attacks. And, he added, some of the victims he worked with preferred not to continue the investigation.<\/p>\n \t\t\tHave you received a threat notification from Apple? We\u2019d love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email<\/a>.<\/a>\t\t<\/div>\n \u201dPretty much all victims spooked out and ghosted us as soon as we explained the seriousness of the case to them. I presume partly because of their place of work and sensitivity of the matters related to that,\u201d said Kashfi, who added that one of the victims received the notification in 2024.<\/p>\n It\u2019s unclear which spyware maker is behind these attacks.\u00a0<\/p>\n Over the last few years, Apple has sent several<\/a> rounds<\/a> of notifications<\/a> to people whom the company believes have been targeted with government spyware, such as NSO Group\u2019s Pegasus<\/a>, or Paragon\u2019s Graphite<\/a>. This kind of malware is also known as \u201cmercenary\u201d or \u201ccommercial\u201d spyware.<\/p>\n The notifications have helped security researchers who focus on spyware to document abuses in several countries such as India<\/a>, El Salvador, and Thailand<\/a>.\u00a0<\/p>\n On Apple\u2019s support page<\/a> for what the company calls \u201cthreat notifications,\u201d last updated in April, the tech giant said that since 2021 it has notified users in \u201cin over 150 countries,\u201d which shows how widespread the use of government spyware is. Apple does not disclose the names of the countries, nor the total number of people it has notified.\u00a0<\/p>\nContact Us<\/h4>\n