Date: 2025-07-22

A new report from Bloomberg reveals that in the months leading up to the recent Israel-Iran war, there was a concerted and sophisticated effort to hack iPhones belonging to Iranians living within Iran and abroad. More than a dozen individuals were targeted, some of whom received messages from Apple alerting them to the attempt. The alerts are part of Apple's threat notification program which we'll address later on.

With regard to the attack at issue, the report relays that a human rights group estimated that they were only able to identify "a fraction of the total targets." In other words, the hacking campaign appears to be expansive.

Of course, the next question is who exactly is behind the hacking campaign. Interestingly enough, this is where things get a little bit murky. Some of the targeted individuals work within the Iranian government, a fact which suggests that the campaign may have been an initiative launched by either Israel or the U.S. There's also the possibility that the U.S. and Israel worked together. There is a precedent for this given the sophisticated Stuxnet attack, which targeted Iran's nuclear program and was developed jointly by U.S. and Israeli tech experts over the course of a few years.

Complicating matters, however, is that some of the targeted individuals are Iranian dissidents who are vocal in their opposition to the current Iranian regime. This, naturally, would suggest that the Iranian government is behind the attacks. It's worth noting that various state-affiliated Iranian hacking groups are known to be exceptionally sophisticated.

To this point, Lookout recently highlighted some of the sophisticated mobile hacking efforts initiated by MuddyWater, a hacking group with close ties to Iran's intelligence services. Indeed, Lookout noted that about a week into the recent Israel-Iran war, its researchers discovered several new samples of an advanced Android malware dubbed DCHSpy, which has the "ability to identify and exfiltrate data from files of interest on the device as well as WhatsApp data."

All told, it remains unclear who exactly is behind the attacks. What is clear, however, is that the attack itself was very advanced and relied upon various zero-day, zero-click exploits which likely cost millions of dollars to research and develop. The report notes that the attack vectors themselves were "exceptionally rare."