Iranians were targeted with highly advanced spyware in the lead-up to the country's war with Israel, with over a dozen mobile phones compromised. The attacks, which exploited hidden vulnerabilities, were likely carried out using "zero-day zero-click" techniques. Victims included Iranian dissidents, technology workers, and government officials. It's unclear who was behind the attacks.
In the lead-up to the recent conflict between Iran and Israel, over a dozen Iranian mobile phones were targeted with highly advanced spyware, according to new research. The attacks, which exploited hidden vulnerabilities, were likely carried out using "zero-day zero-click" techniques. The victims included Iranian dissidents, technology workers, and government officials. The identities of the attackers remain unclear.
Miaan Group, a digital human rights organization based in Austin, Texas, and Hamid Kashfi, a Sweden-based cybersecurity researcher, independently discovered the spyware attacks. The attacks were first detected in the first half of 2025, with victims receiving threat notifications from Apple Inc. The notifications described the attacks as "exceptionally rare" and costing "millions of dollars."
The spyware was used to target individuals both inside Iran and abroad. The victims included two Iranian dissidents inside the country and a technology worker who is an Iranian citizen living in Europe. Kashfi found 12 victims, all inside Iran and working either in the country's technology sector or for the government.
The spyware used in the attacks is believed to be comparable in sophistication to the Pegasus spyware from NSO Group. The attacks were carried out without any interaction from the victims, indicating the use of zero-day zero-click techniques.
The research highlights the growing sophistication of cyber-espionage tools being used by Iranian state actors. The attacks underscore the potential risks posed by advanced persistent threat (APT) groups, which are increasingly targeting mobile devices for intelligence gathering.
The latest developments add to a growing body of evidence that Iranian threat actors are investing in custom-built mobile malware frameworks for intelligence gathering. According to Lookout Inc., a mobile security firm, the Iranian state-aligned cyberespionage group MuddyWater has further developed its Android surveillanceware known as DCHSpy. The group has been linked to the Iranian Ministry of Intelligence and Security.
The attacks come amid ongoing tensions in the Middle East and highlight the need for robust cybersecurity measures. As the conflict between Iran and Israel continues, the risk of further cyberattacks is likely to remain high.