Iran-backed hackers have been actively targeting various countries and organizations in cyber attacks. A joint threat intelligence report by Google’s Threat Analyst Group and Mandiant revealed that Iranian adversaries were responsible for 80% of government-backed phishing activity targeting Israeli users leading up to Hamas’s attack [1]. This report also highlighted a focused effort to undermine public support for the war following the October 7 attack by Hamas [3].


The report identified several Iran-backed groups [1], including APT32 [1], Dusty Cave [1], and Dune [1], as active during this period [1]. These threat groups employed tactics such as destructive attacks against Israeli organizations, hack-and-leak operations with exaggerated claims of attacks on critical infrastructure [3], information operations to demoralize Israeli citizens [3], and phishing campaigns to collect intelligence on decision-makers [3]. Additionally, a group of hackers linked to Iran targeted BBC and other European TV streaming services in Britain [2], the United Arab Emirates [2], and Canada [2]. This cyber attack [2], which occurred in early December [2], involved interrupting programming with a fake news report on Gaza [2]. It was the first time Iran used AI in this way for influence operations [2]. The attack was seen as a response to Hamas’s attack on Israel in October [2], and it highlighted the significant expansion of Iranian operations since the start of the Israel-Hamas conflict [2]. The fake news broadcast focused on Israel’s operations in Gaza and included unverified images of Palestinians allegedly killed or injured by Israeli forces [2]. The disruption caused distress to viewers [2], with one user recounting how she was unable to shield her children from the graphic images [2]. The cyber attack also reached audiences in Britain and Canada [2].


These cyber attacks by Iran-backed hackers have had significant impacts, both in terms of undermining public support for the war and causing distress to viewers. It is crucial for countries and organizations to strengthen their cybersecurity measures to mitigate the risk of future attacks. The use of AI in influence operations highlights the evolving tactics of hackers, and it is important for authorities to stay vigilant and adapt their strategies accordingly. The expansion of Iranian operations since the start of the Israel-Hamas conflict indicates the need for continued monitoring and response to cyber threats.