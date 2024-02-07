Microsoft released an in-depth report on Iranian cyber and influence activities before and after the Hamas-led October 7 assault, finding that Iran and its state-actor groups had operated reactively to the attack.

Contrary to Iranian-state media reports, many “attacks” immediately after the assault were either false or using old access points and material. However, since then Iran focused 43 percent of its cyber activity against Israel which amounts to more than the next 14 targets combined.

The operations were described in three phases, starting reactively and using state media to report misinformation such as falsely taking down an Israeli electric company. The second phase was “All hands on deck” with more groups and actors operating in Israel, with what seemed like coordination or objectives set by Tehran. And the third was “Expanding geographic scope.”

A key objective for Iran was using its cyber operations to influence both Israeli and world public opinion through manipulation or intimidation. It did so by targeting “political and social rifts” and often focused its efforts around the 240 hostages abducted during the Hamas-led assault, or calling for the removal of Israel’s Prime Minister Benjamin Netanyahu, in order to cause confusion or loss of trust.

In numbers, Iranian state-groups tracked by Microsoft increased from nine in the first week of the war up to 14 just a week later. Influence operations grew from one every other month to 11 just in October. It also reported about 42 percent increased traffic to Tehran’s websites in the first week, maintaining a 28 percent increase a month later.

Even though Israel was the main target, Western and Arab allies were hit. An example given was an Iranian group targeting Bahraini government and financial institutions. Another was a Islamic Revolutionary Guard Corps (IRGC) group hitting an American water authority in the state of Pennsylvania.

Another significant Iranian attack was the interruption of streaming television services, propping up an “apparently AI-generated news anchor” as part of Iran’s influence campaign in the UK, Canada and UAE. Microsoft highlighted it as a “first'' of its type from Tehran state-groups.

In its outlook for 2024, Microsoft predicted more collaborators and increased destructiveness in Iranian attacks that will be more targeted, particularly highlighting that Iran would “test redlines” such targeting vital infrastructure like it did against an Israeli hospital and a U.S. water system.

Furthermore, the report warned that “Iranian threat actors will pose greater threats in 2024 for election defenders” in reference to the United States presidential election. Microsoft stated there were no longer just a “few groups.”