Apple warns Iranian iPhone users of state-sponsored spyware as researchers link attacks to escalating Iran-Israel tensions

Concerns over high-level digital surveillance have intensified in 2025 as security researchers reveal a wave of sophisticated malware campaigns targeting Iranian iPhone users, both within the country and abroad. Independent investigations by the Texas-based Miaan Group and Sweden’s DarkCell have linked dozens of infections to highly advanced spyware, drawing comparisons to tools like Pegasus due to the scale, cost, and precision of the operations.

What sets these incidents apart is their unprecedented reach. The victims, according to reports, range from journalists and activists inside Iran to an Iranian citizen living in Europe, indicating that whoever orchestrated the attacks is willing to extend its efforts beyond borders. Analysts believe the campaigns cost millions of dollars to execute and were developed by actors with resources and expertise typically associated with state-backed agencies rather than criminal networks.

Apple has stepped into the spotlight by alerting impacted users directly, continuing a practice it began in 2021 to warn individuals who face potential state-sponsored surveillance. Those identified as targets received direct notifications from Apple, informing them that the attacks likely relate to their roles or activities and urging them to take immediate security precautions. Apple’s alerts emphasize the severity of these exploits, describing them as some of the most advanced threats known to date.

Part of the challenge in investigating the incidents lies in the conditions on the ground. Several affected individuals within Iran were reluctant to share their devices for forensic analysis, while others turned over their iPhones to Iranian authorities, further complicating efforts to determine the origin and full scope of the spyware. Experts note that the delayed reporting of infections also makes identifying the perpetrators more difficult, particularly when data trails go cold.

For those affected, Apple recommends adopting stricter security protocols such as enabling Lockdown Mode, a feature designed to minimize exposure by severely restricting iPhone functionality. The company also provides detailed online resources to help users identify suspicious activity and protect their devices from further compromise.

While investigators continue piecing together evidence, the attacks underscore how digital surveillance is evolving into a powerful weapon in geopolitical conflicts, with private citizens increasingly finding themselves caught in the crosshairs of cyber operations fueled by immense financial and technical backing.