Treadstone 71, LLC, your primary source for cyber intelligence and counterintelligence training and services, released in-depth details of Iranian intelligence-backed hybrid operations and cognitive warfare actions.
“Iranian intelligence uses social media to threaten and impersonate dissident groups while blatantly violating platform rules. In addition, known intelligence operators openly working in cyberspace use social media for command and control. For example, they issue instructions to Basij Cyber Battalion members to start cyber operations against opposition groups such as the National Council of Resistance of Iran (NCRI),” stated Jeff Bardin, Chief Intelligence Officer at Treadstone 71.
“Basij Cyber Battalions execute plans on Twitter using pre-defined hashtags to manipulate social media. The action combined with physical infiltration of Iranian protests and demonstrations and distributed denial of service attacks shows a hybrid warfare approach to Iranian regime attacks against any opposition, internal and external.”
Treadstone 71 accessed the Iranian intelligence playbook for infiltrating protests and even directing events and slogans by starting seemingly anti-regime. In addition, Iranian intelligence operators regularly infiltrate demonstrations to pervert protester messaging with divergent disinformation. The Basij Cyber Battalions follow Telegram instructions describing how to avoid suspension on Twitter, while the regime develops devious ways to subvert and quash free speech. The plans include threatening messages and warnings on sites such as Telegram, Skype, WhatsApp, and Twitter; instructions to execute cyber operations; and guidance on how to create and manage fake social media accounts that impersonate media personalities, journalists, opposition leaders, and politicians while spreading false information that demonizes anything and anyone contrary to the Islamic Republic’s ideals.
“We discovered Iranian leadership openly discussing how to bypass Twitter API rules to programmatically post false information in ‘psycho operations’ using US-based infrastructure,” continued Bardin. “The operations succeeded in impersonating influencers while getting influencer followers to believe the fake posts, retweeting and liking the posts, creating Twitter trends.”
One of the methods used extensively by Iran’s cyber operations is the use of personas that present themselves as dissidents to create division between opposition groups and to carry out IRGC and MOIS demonization operations against prominent opposition groups. Under the pretext of internal hostility, they can advance the demonization operation against the main opposition and create deviant waves to divert public opinion from essential developments. Treadstone 71 previously reported this technique, which is now used in more complex and advanced methods.
Based on years of analysis and research on Iran’s cyber operations, many signs recently showed a new wave of cyber activity, simultaneous with international developments and days before the scheduled annual summit of Iranian dissidents. With Putin’s visit to Iran, Treadstone 71 expects Russian participation in anti-dissident operations.