Apple has quietly been sending threat notifications to users it believes are being targeted by advanced cyberattacks. In the first half of 2025, more than a dozen Iranians received these alerts, including government officials, tech workers, and dissidents, according to new research. These individuals were reportedly targeted with highly sophisticated spyware just months before the Iran-Israel war began.
The company told affected users that the attacks were “exceptionally rare” and cost “millions of dollars” to carry out. The message Apple sends in such cases doesn’t reveal who’s behind the attack but makes it clear the user is being singled out “because of who you are or what you do.” Apple encourages users to take immediate action, including updating their devices, using strong passwords, and contacting security professionals.
A Global Campaign with Local Targets
According to the Miaan Group, a Texas-based human rights group, spyware was used inside Iran and against Iranians abroad. Researchers believe the number of victims is likely much higher than those identified so far.
Cybersecurity expert Hamid Kashfi, who runs DarkCell in Sweden, identified more victims. All were inside Iran and linked to the government or tech sector. Kashfi said the attacks likely used “zero-day zero-click” exploits. These infect devices without any user action. “Zero-click chains are more sophisticated, more expensive, one stage higher than typical hacking campaigns,” he told Bloomberg.
Apple’s Caution, Iran’s Silence
Apple did not respond to Bloomberg’s request for comment, but the threat notification seen by the outlet drew comparisons between the current attacks and the Pegasus spyware developed by Israel’s NSO Group. Despite the gravity of the threat, many affected users did not seek help from independent cybersecurity experts. In several cases, forensic investigation was not possible due to the victims’ location in Iran. Others reportedly handed over their devices to Iranian government agencies instead of outside analysts.
While Apple stopped short of attributing the attacks to any specific actor, the scale, cost, and precision suggest the involvement of state-level or mercenary spyware operators. “Apple has high confidence in this warning,” the company told recipients.
VAPT Certification in Singapore
Certvalue is one of the growth oriented VAPT consultant in Singapore for providing VAPT Certification in Singapore, Hougang, Tampines, Pasir Ris, Yishun, Choa Chu Kang, Toa Payoh and other major cities in Singapore with the services of implementation
Certvalue is having most preferred ISO 13485 Consultant in Dubai for Providing ISO 13485 Certification in Dubai, UAE, Abu Dhabi, Ajman, Al Ain, Al QUSAIS, Jebel Ail, Sharjah, Umm Al Quwain, Ras Al khor Fujairah, Al Quoz, Um Ramool and other major cities in Dubai with the services of implementation.