Apple has notified more than 12 Iranians in recent months, according to security researchers.
Miaan Group, an Iran-focused digital rights group, and Hamid Kashfi, an Iranian cybersecurity researcher who lives in Sweden, said they spoke to several Iranians who received notifications last year.
Bloomberg wrote first about these spyware notifications.
Miaan Group released a report on the state of cybersecurity in Iranian civil society on Tuesday. It said it has identified three cases of government spyware attacks against two Iranians and one in Europe.
“The two Iranians come from families with a long history of political activity against the Islamic Republic. Many of their families have been executed and have no history of travelling abroad.” “We believe there have been three waves of attacks, and have only seen the tip of the iceberg.”
Rashidi said Iran is probably the government behind the attacks, but that more investigation into these attacks would need to be made to reach a more decisive decision. “I don’t think there’s a reason why civil society members are targeted by people outside of Iran,” he said.
Kashfi, who founded security company Darkcell, said in an email that he helped two victims carry out preliminary forensic procedures, but was unable to see which spyware manufacturer was behind the attack. And he preferred that some of the victims he worked for would not continue his investigation.
inquiry
Have you received threat notifications from Apple? We look forward to hearing from you. From unprocessed devices and networks, you can safely contact Lorenzo Franceschi-Bicchierai with a signal of +1 917 257 1382, via Telegram and Keybase @lorenzofb, or by email.
“Almost every victim was scared and scared us and haunted us. We quickly ghosted us as soon as we explained to them the seriousness of the incident. We partially speculate because of the location and sensitivity of their work in the issues related to it,” Kashfi said, adding that one of the victims had received a notice in 2024.
It is unknown which spyware manufacturers are behind these attacks.
Over the past few years, Apple has sent several notifications to people it believes is targeting government spyware, such as NSO group Pegasus and Paragon graphite. This type of malware is also known as “mercian” or “commercial” spyware.
The notice helped security researchers focused on spyware to document abuse in several countries such as India, El Salvador and Thailand.
On Apple’s support page for what the company calls “threat notifications,” Tech Giant, last updated in April, said it has notified users in “over 150 countries” since 2021. Apple does not disclose the name of the country or the total number of people who have notified them.
To help victims, Apple recommends those receiving these threat notifications reach out to AccessNow, a digital rights group that runs a 24-hour helpline with researchers who can investigate Spyware attacks. AccessNow documents spyware abuse cases around the world.
Apple did not respond to requests for comment regarding the notification sent to Iranians.
