Iran’s online disinformation activities and cyber attacks on Israel have risen dramatically since Oct. 7, according to a Microsoft report released on Monday.
“Iran’s activity quickly grew from nine Microsoft-tracked groups active in Israel during the first week of the war to 14 two weeks into the war. Cyber-enabled influence operations went from roughly one operation every other month in 2021 to 11 in October 2023 alone,” wrote Clint Watts, general manager of Microsoft’s Threat Analysis Center.
“As the war progressed, Iranian actors expanded their geographic scope to include attacks on Albania, Bahrain and the USA. They also increased their collaboration, enabling greater specialization and effectiveness,” Watts continued.
These cyberattacks grew “increasingly targeted and destructive” and so-called influence operation campaigns “increasingly sophisticated and inauthentic,” involving networks of social-media “sockpuppet” accounts, according to the report.
The campaign was successful, wrote Watts, noting a 42% increase in traffic to Iranian news sites from the United States, Britain, Canada, Australia and New Zealand during the first month of the war. That level has dropped somewhat, but Western traffic to Iranian media sites remains 28% above pre-war levels, he noted.
Iran’s efforts were aimed to “undermine Israel and its supporters across the internet and social media, causing general confusion and a loss of trust,” he said. Tehran’s four-pronged approach includes exacerbating domestic political and social rifts in target countries, cyberattacks against Israeli infrastructure in “retaliation” for the war in Gaza, intimidating Israeli supporters and their families and undermining international support for Israel.
The report highlighted a new Iranian trend of hackers masquerading as Israelis.
“In one recent operation, ‘Tears of War,’ Iranian operatives convinced Israelis to hang branded ‘Tears of War’ banners using AI-generated images in Israeli neighborhoods, based on Israeli press reporting,” the report said.
The report also raises concern about increased collaboration between various Iran-affiliated hacker groups. This “allows each group to contribute existing capabilities and removes the need for a single group to develop a full spectrum of tooling or tradecraft,” said Watts.
The findings raise troubling concerns for the future, especially with the prospect of similar influence campaigns to disrupt the U.S. presidential elections, he added.
“Amid the rising potential of a widening war, we expect Iranian influence operations and cyberattacks will continue to be more targeted, more collaborative and more destructive as the Israel-Hamas conflict drags on. Iran will continue to test redlines, as they have done with an attack on an Israeli hospital and U.S. water systems in late November,” the report stressed.
“The increased collaboration we have observed between different Iranian threat actors will pose greater threats in 2024 for election defenders who can no longer take solace in only tracking a few groups. Rather, a growing number of access agents, influence groups, and cyber actors makes for a more complex and intertwined threat environment.”