Why should Western countries be on their guard?
According to a report from the Microsoft Threat Analysis Center (MTAC), after the beginning of the conflict between Hamas and Israel in October 2023, hackers associated with the Iranian government launched a series of cyber attacks and influence operations aimed at supporting Hamas and weakening Israel, its political allies and business partners. Iran's initial operations were hasty and chaotic, indicating a lack of coordination with Hamas, but the campaigns have nevertheless become more successful over time.
In the first week of the conflict, there was a 42% increase in traffic to news sites operated or affiliated with the Iranian state, and 3 weeks after the start of the confrontation, the figure was still 28% higher than in peacetime. Despite Iran's earlier statements, many of the attacks in the early days of the conflict either leaked old materials, used previously obtained access to networks, or were false.
Iran's activity quickly grew from 9 groups tracked by Microsoft and active in Israel in the first week of the conflict to 14 groups 2 weeks later. Impact operations increased from one operation every 2 months in 2021 to 11 operations in October 2023 alone.
Connections of some threat actors acting in the interests of Iran according to Microsoft
As the conflict progressed, Iranian cybercriminals expanded the geography of their attacks to include Albania, Bahrain, and the United States, as well as increased their cooperation, which allowed for greater specialization and efficiency. In December 2023, Iran attacked streaming television services by injecting fake news videos into the broadcast, allegedly using an artificially created news anchor. The attack was the first Iranian influence operation discovered by Microsoft, where artificial intelligence played a key role in transmitting messages.
Among English-speaking countries with close ties to the United States (Great Britain, Canada, Australia, New Zealand), there was a particularly pronounced increase in interest in Iranian sources, which indicates Iran's ability to influence Western audiences with its coverage of conflicts in the Middle East.
Iran has gone through 3 phases of cyber operations in the situation between Israel and Hamas, starting with operational and misleading operations and ending with the expansion of geographical coverage and an increase in the number of attacks on countries perceived by Iran as supporting Israel.
Iran seeks to undermine the influence of Israel and its supporters on the Internet and social networks, causing general confusion and loss of trust, which is reinforced by four main goals: destabilization through polarization, revenge, intimidation and undermining international support for Israel.
Looking ahead suggests that Iran will continue to test "red lines" as it did with the attack on an Israeli hospital and U.S. water supply systems in late 2023, and that increased cooperation between various Iranian hackers will create greater threats in 2024, especially in the context of elections.
According to a report from the Microsoft Threat Analysis Center (MTAC), after the beginning of the conflict between Hamas and Israel in October 2023, hackers associated with the Iranian government launched a series of cyber attacks and influence operations aimed at supporting Hamas and weakening Israel, its political allies and business partners. Iran's initial operations were hasty and chaotic, indicating a lack of coordination with Hamas, but the campaigns have nevertheless become more successful over time.
In the first week of the conflict, there was a 42% increase in traffic to news sites operated or affiliated with the Iranian state, and 3 weeks after the start of the confrontation, the figure was still 28% higher than in peacetime. Despite Iran's earlier statements, many of the attacks in the early days of the conflict either leaked old materials, used previously obtained access to networks, or were false.
Iran's activity quickly grew from 9 groups tracked by Microsoft and active in Israel in the first week of the conflict to 14 groups 2 weeks later. Impact operations increased from one operation every 2 months in 2021 to 11 operations in October 2023 alone.
Connections of some threat actors acting in the interests of Iran according to Microsoft
As the conflict progressed, Iranian cybercriminals expanded the geography of their attacks to include Albania, Bahrain, and the United States, as well as increased their cooperation, which allowed for greater specialization and efficiency. In December 2023, Iran attacked streaming television services by injecting fake news videos into the broadcast, allegedly using an artificially created news anchor. The attack was the first Iranian influence operation discovered by Microsoft, where artificial intelligence played a key role in transmitting messages.
Among English-speaking countries with close ties to the United States (Great Britain, Canada, Australia, New Zealand), there was a particularly pronounced increase in interest in Iranian sources, which indicates Iran's ability to influence Western audiences with its coverage of conflicts in the Middle East.
Iran has gone through 3 phases of cyber operations in the situation between Israel and Hamas, starting with operational and misleading operations and ending with the expansion of geographical coverage and an increase in the number of attacks on countries perceived by Iran as supporting Israel.
Iran seeks to undermine the influence of Israel and its supporters on the Internet and social networks, causing general confusion and loss of trust, which is reinforced by four main goals: destabilization through polarization, revenge, intimidation and undermining international support for Israel.
Looking ahead suggests that Iran will continue to test "red lines" as it did with the attack on an Israeli hospital and U.S. water supply systems in late 2023, and that increased cooperation between various Iranian hackers will create greater threats in 2024, especially in the context of elections.
