Iranian Cyber and Physical Acts Against Any Opposition

From Cyber Grey Zone Actions to Assassinations – PMOI in the Crosshairs.

The following is an overview of Iranian regime tactics, techniques, and methods used against dissidents and opposition groups. The People's Mojahedin Organization of Iran (PMOI) holds a Free Iran conference every summer. Every year, the Iranian regime works to discredit, disrupt, delay, and destroy any attempts at the PMOI to hold the conference. From physical threats to the hacking of foreign governments to political pressure because of prisoner exchanges, Iran uses any tactic available to push the envelope during each action. Iran continues these actions.

Cyber grey zone actions blur the line between acceptable state behavior and hostile acts, creating challenges for attribution, response, and establishing clear norms and rules in the cyber domain. Addressing these challenges requires international cooperation, robust cybersecurity measures, and the development of norms and agreements to regulate state behavior in cyberspace.

Iranian cyber grey zone activities refer to malicious actions in cyberspace that fall short of a full-fledged cyberattack but aim to achieve strategic objectives.

  • Espionage: Iran conducts cyber espionage campaigns targeting foreign governments, organizations, and individuals. These activities involve stealing sensitive information, such as political or military intelligence, intellectual property, or personal data.
  • Disinformation and Influence Operations: Iran engages in online disinformation campaigns, spreading misleading information or propaganda to shape public opinion and advance its political or ideological agenda.
  • DDoS Attacks: Distributed Denial of Service (DDoS) attacks involve overwhelming a target's servers or networks with a flood of traffic, rendering them inaccessible. Iran conducted DDoS attacks against various targets, including websites of foreign governments, media organizations, and financial institutions.
  • Hacking and Defacement: Iranian hacking groups have conducted cyber intrusions and website defacements to highlight their capabilities, make political statements, or retaliate against perceived adversaries. These activities often target government websites, news outlets, or organizations critical of Iranian policies.
  • Cyber Attacks on Critical Infrastructure: While not explicitly falling into the grey zone, Iran conducts cyberattacks on critical infrastructure, such as energy facilities, banks, and transportation systems. Notable examples include the 2012 attack on Saudi Aramco and the 2019 attack on the oil tanker industry.

Iranian Cog War activities

Social Media Manipulation: Iranian actors operate fake social media accounts and engage in disinformation campaigns to influence public opinion, particularly during sensitive periods like elections or geopolitical tensions.

Cyber Espionage: Iran executed various cyber espionage campaigns targeting governments, organizations, and individuals worldwide. These activities involve stealing sensitive information for intelligence purposes or as a method to gain a competitive advantage.

Website Defacements: Iranian hacker groups have conducted website defacements, replacing the content of targeted websites with their own messages or political statements. Iran uses defacements to highlight capabilities, raise awareness, or promote political ideologies.

Phishing and Spear-Phishing: Iranian actors execute phishing campaigns that use deceptive emails or messages to trick individuals into revealing sensitive information, such as login credentials or financial data.

Influence Operations: Iran engages in influence operations through various means, including spreading propaganda, manipulating narratives, and leveraging state-controlled media outlets to shape public opinion, both domestically and abroad.

Targeting Dissidents and Activists: Iranian cyber actors target dissidents, activists, and human rights organizations, both within Iran and abroad. These activities aim to disrupt or silence opposition voices.

Distributed Denial of Service (DDoS) Attacks: Iran conducts DDoS attacks targeting various websites and online services. These attacks overwhelm the targeted systems, rendering them inaccessible to legitimate users.

Data Theft and Intellectual Property Theft: Iranian cyber actors steal sensitive data, including intellectual property, from foreign companies, universities, and research institutions.

Ransomware Attacks: While not exclusively attributed to Iran, there have been instances where Iranian-linked groups deployed ransomware to extort money from organizations by encrypting their systems and demanding payment for their release.


Contact Treastone 71

Contact Treadstone 71 Today. Learn more about our Targeted Adversary Analysis, Cognitive Warfare Training, and Intelligence Tradecraft offerings.

Contact us today!