top of page

Source: Axios

May 2, 2023

Iran is diving into the disinformation wars, Microsoft says

BY Sam Sabin, author of Axios Codebook


Iran's state-backed hackers are expanding their cyber playbook to include disinformation campaigns, Microsoft warned in a report Tuesday.


Driving the news: Microsoft estimates that the Iranian government was behind 24 "cyber-enabled influence operations" throughout 2022, including 17 since mid-June.


  • That was more than three times as many as in 2021, when that number stood at seven.



Why it matters: Microsoft's findings mark an escalation in Iran's adversarial cyber interests, given the country has historically leaned solely on more-traditional disruptive hacks in its operations.


  • Typically, Russia and China have been the only two U.S. adversaries that lean on disinformation in their schemes.


Threat level: While Iran's tactics are changing, the government's targets remain largely the same, Microsoft said.


  • The disinformation operations have largely focused on Israel, prominent Iranian opposition figures and Tehran's Gulf state adversaries.

  • Between October and March, Iran directed nearly a quarter of its cyber operations against Israel — although the U.S., the United Arab Emirates and Saudi Arabia also bore "the brunt of these efforts," per the report.

  • Most of these cyber-enabled influence operations are run by an Iranian group that Microsoft tracks as Cotton Sandstorm. Others call the group Emennet Pasargad.


Details: Iran currently has a "predictable playbook" in its influence operations, Microsoft said.


  • First, Iranian state-backed hackers use online accounts they've already established — including those on social media and messaging services — to "publicize and exaggerate" the impact of a low-level cyberattack.

  • Some of the posts are published on social media, while others are sent to specific targets via text message.

  • Then, a flurry of inauthentic online personas will rush to amplify and "often further hype" the impact of the attacks, the company noted.


The intrigue: Microsoft has detected a "corresponding" decline in the number of Iran-backed ransomware and wiper attacks as the government's teams shift to disinformation.


  • However, Microsoft warned that the threat of future cyberattacks on U.S. and Israeli critical infrastructure remains, as some Iranian groups are likely to be seeking new tactics for launching such attacks.



© 2022 by IranTimes.com - All rights Reserved.

Get Social

  • Facebook
  • Twitter
  • Youtube
  • Instagram

- Committed to delivering real time, unbiased news about IRAN to readers all over the world.

- Our mission is to tell the truth as nearly as the truth can    be ascertained.

- Cover a diverse range of topics and perspectives in a      sincere, relatable voice.

- We shall tell ALL the truth so far as we can learn it,            concerning the critical affairs of IRAN and the world.

bottom of page