Iranians Targeted with Advanced Spyware Ahead of War with Israel.
By Ainvest
Tuesday, Jul 22, 2025 8:19 am ET
Iranians were targeted with highly advanced spyware in the lead-up to the country's war with Israel, with over a dozen mobile phones compromised. The attacks, which exploited hidden vulnerabilities, were likely "zero-day zero-click" attacks. Victims included Iranian dissidents, technology workers, and government officials. It's unclear who was behind the attacks.
In the lead-up to the recent conflict between Iran and Israel, over a dozen Iranian mobile phones were targeted with highly advanced spyware, according to new research. The attacks, which exploited hidden vulnerabilities, were likely carried out using "zero-day zero-click" techniques. The victims included Iranian dissidents, technology workers, and government officials. The identities of the attackers remain unclear.
Miaan Group, a digital human rights organization based in Austin, Texas, and Hamid Kashfi, a Sweden-based cybersecurity researcher, independently discovered the spyware attacks. The attacks were first detected in the first half of 2025, with victims receiving threat notifications from Apple Inc. The notifications described the attacks as "exceptionally rare" and costing "millions of dollars."
The spyware was used to target individuals both inside Iran and abroad. The victims included two Iranian dissidents inside the country and a technology worker who is an Iranian citizen living in Europe. Kashfi, working separately, found 12 victims, all inside Iran and working either in the country’s technology sector or for the government.
The spyware used in the attacks is believed to be highly sophisticated, comparable to the Pegasus spyware from NSO Group. The attacks were carried out without any interaction from the victims, indicating the use of zero-day zero-click techniques.
The research highlights the growing sophistication of cyber-espionage tools being used by Iranian state actors. The attacks underscore the potential risks posed by advanced persistent threat (APT) groups, which are increasingly targeting mobile devices for intelligence gathering.
The latest developments add to a growing body of evidence that Iranian threat actors are investing in custom-built mobile malware frameworks for intelligence gathering. According to Lookout Inc., a mobile security firm, the Iranian state-aligned cyberespionage group MuddyWater has further developed its Android surveillanceware known as DCHSpy. The group has been linked to the Iranian Ministry of Intelligence and Security.
The attacks come amid ongoing tensions in the Middle East and highlight the need for robust cybersecurity measures. As the conflict between Iran and Israel continues, the risk of further cyberattacks is likely to remain high.
References:
[1] https://www.bloomberg.com/news/articles/2025-07-22/iranians-targeted-with-spyware-in-lead-up-to-war-with-israel
[2] https://siliconangle.com/2025/07/21/iranian-hackers-expand-android-spyware-campaign-amid-middle-east-tensions/