Skip to main content
Microsoft Security

Iran turning to cyber-enabled influence operations for greater effect

Iranian state actors since June have latched on to a new set of preferred techniques, combining cyber and influence operations (IO) – what we refer to as cyber-enabled influence operations – for greater geopolitical effect. Multipole Iranian state groups have turned to cyber-enabled IO more regularly to boost, exaggerate, or compensate for shortcoming in their network access or cyberattack capabilities. More fundamentally, they have combined offensive cyber operations with multi-pronged influence operations to fuel geopolitical change in alignment with the regime’s objectives. This has included operations this year that have sought to bolster Palestinian resistance, foment Shi’ite unrest in the Guld, and counter the normalization of Arab-Israeli ties.1

1 “Hackers Target Israeli TV/Radio Infrastructure,” 6 May 2021, al-sarira.com/2021/05/06/hackers-target-israeli-tv-radio-infrastructure/; “Listen: Hackers broke into 100 FM broadcasts” (machine translation from Hebrew), 6 May 2021, ice.co.il/media/news/article/819193; web.archive.org/web/20210616224505/https://www.hackersofsavior.com/eventitem.html

Iran responsible for Charlie Hebdo attacks

Microsoft is attributing a recent influence operation targeting French magazine Charlie Hebdo to an Iranian nation-state actor Microsoft tracks as NEPTUNIUM.

Learn more

Propaganda in the digital age: How cyber influence operations erode trust

Survey the world of cyber influence operations, where nation states distribute propaganda designed to threaten the trustworthy information democracy requires to flourish.

Learn more

Ransomware as a service: The new face of industrialized cybercrime

Cybercrime’s newest business model, human-operated attacks, emboldens criminals of varying ability.

Learn more