Microsoft warned that Iran is accelerating its cyber-enabled influence operations to go in tandem with its geopolitical goals worldwide.
“Iran continues to be a significant threat actor, and it is now supplementing its traditional cyberattacks with a new playbook, leveraging cyber-enabled influence operations (IO) to achieve its geopolitical aims,” a report published by the company on Tuesday revealed.
Microsoft has detected these efforts rapidly accelerating since June 2022.
Microsoft said it attributed 24 unique cyber-enabled influence operations to the Iranian government last year compared to just seven in 2021.
The report added that most of Iran’s cyber-enabled influence operations are being run by Emennet Pasargad – which is sanctioned by the US Treasury Department for attempts to undermine the integrity of the 2020 US Presidential Elections.
Though Iran’s techniques may have changed, its targets have not. These operations remain focused on Israel, prominent Iranian opposition figures and groups, and the Gulf countries, according to Microsoft.
“Iran directed nearly a quarter (23%) of its cyber operations against Israel between October of 2022 and March of 2023, with the United States, United Arab Emirates, and Saudi Arabia also bearing the brunt of these efforts.”
The goals of its cyber-enabled IO have included seeking to bolster Palestinian groups that are allied to Iran, fomenting unrest in Bahrain, and sowing panic and fear among Israeli citizens.
“Iran has also adopted cyber-enabled IO to undercut the momentum of nationwide protests by leaking information that aims to embarrass prominent regime opposition figures.”
Microsoft added that most of these operations have a predictable playbook, in which Iran uses a cyber persona to publicize and exaggerate a low-sophistication cyberattack, using the language of the target audience.
“New Iranian influence techniques include their use of SMS messaging and victim impersonation to enhance the effectiveness of their amplification”, the report added.