Screengrab of a disruption of streaming TV programming using an AI-generated broadcaster, by Cotton Sandstorm, an Iranian hacking group. (Credit: Microsoft report)
BEIRUT — Microsoft released a report about the acceleration of Iranian government-aligned cyberattacks carried out since the Hamas-Israel war started on Oct. 7.
According to the tech company's analysts, operations by hacker groups associated with the Islamic Revolutionary Guards, were — at first — "hasty and chaotic, indicating it had little or no coordination with Hamas, but it nevertheless has achieved growing success."
The report claims that Iran’s cyber op activity quickly grew from nine "Microsoft-tracked groups" active in Israel during the first week of the war to 14, two weeks into the war.
Cyber-enabled influence operations, as the report calls them, went from roughly one operation every other month in 2021 to 11 in October 2023 alone.
As the war carries on, Iranian hacking groups are expanding their geographic scope, Microsoft claims, to include attacks on Albania, Bahrain and the USA, as well as increasing their collaboration, "enabling greater specialization and effectiveness."
One of the incidents that the report specifically refers to is a December incident during which a hacking group known as Cotton Sandstorm disrupted TV streaming platforms in the UAE and even as far as Canada and the UK.
On Dec. 11, the UAE-based news service, Khaleej Times, reported that subscribers using a HKIRBOXX streaming box experienced a sudden switch on European live channels. A message was displayed stating, "We have no choice but to hack to deliver this message to you." Screens then shifted to an AI news anchor that presented a bulletin on the suffering of Palestinian children and women in Israeli prisons, accompanied by visuals of them in distress.
Analysts at Microsoft said Cotton Sandstorm published videos on Telegram showing it hacking into three online streaming services and disrupting news channels with the fake newscaster.
The report reads: “This marked the first Iranian influence operation Microsoft has detected where AI played a key component in its messaging and is one example of the fast and significant expansion in the scope of Iranian operations since the start of the Israel-Hamas conflict.”