The discovery of a large underground tunnel complex in Sudan, reportedly built by Iran’s Islamic Revolutionary Guard Corps (IRGC), signals a serious expansion of Iran’s forward operating capabilities. The facility contains twelve separate, fortified entrances and is buried deep within mountainous terrain. Its construction mirrors Iranian missile bases found in places like Khuzestan and Hormozgan provinces, which are built to withstand aerial bombardment and remain operational under sustained attack.
The tunnel entrances and hardened underground storage areas are not designed to defend against local or regional actors, as neither the Rapid Support Forces nor Sudan’s neighboring states possess the weaponry required to penetrate this level of fortification. The design strongly suggests preparation for a conflict with a technologically advanced state—specifically, Israel. Israel has conducted multiple airstrikes in Sudan in recent years, frequently under the pretext of targeting weapons smuggling routes to Hamas.
Iran began providing weapons and logistical support to the Sudanese Armed Forces during the 2023 civil war against the RSF. Intelligence assessments now point to Sudan acting as a staging area and transit corridor for Iranian arms moving west toward the Red Sea and northward into Egypt, eventually reaching the Mediterranean through routes tied to Hamas and Hezbollah.
Analysts assessing satellite imagery suspect that missile production equipment may already be installed at the site. If verified, this implies Iran is not only supplying weapons to Sudan, but also transferring industrial missile manufacturing capacity, giving the Sudanese Armed Forces a long-range strike capability under Iranian guidance or technical support. This would represent a shift from proxy arms transfers to direct forward-deployed missile production.
Iran’s cyber units, including APT34 (OilRig), remain deeply integrated into its operational planning. APT34’s activity is focused heavily on regional governments, energy infrastructure, and telecommunications systems. Its operations use phishing, supply chain intrusion, and web shell exploitation on high-value infrastructure such as Microsoft Exchange servers. The group’s intelligence gathering directly supports IRGC-Quds Force logistics, including monitoring regional movements and securing sensitive supply lines.
APT34 and other Iranian cyber units could provide cover for the underground complex in Sudan by compromising adversaries' surveillance systems or targeting early-warning radar networks. In addition, their access to networks across the Middle East allows them to map Israel’s intelligence-gathering platforms or intercept planning related to Israeli or Western operations targeting Sudanese assets.
The tunnel complex in Sudan is not a local military outpost. It reflects Iran’s strategy of hardened, decentralized force projection. By embedding missile and weapons production into friendly or unstable regions and defending it with cyber and military infrastructure, Iran increases the difficulty of preemptive strikes and imposes a significant risk on adversaries attempting to disrupt its regional influence.
