Iranian state-backed hackers, identified as part of the Islamic Revolutionary Guards, recently disrupted TV streaming services in the United Arab Emirates, according to a recent Guardian report. They broadcasted a deepfake newsreader delivering a fabricated report on the war in Gaza, as reported by Microsoft analysts. This operation, dubbed “For Humanity” by the hackers, involved an AI-generated news anchor presenting unverified images purportedly showing Palestinians harmed by Israeli military actions in Gaza. The Iranian-backed hackers, known as Cotton Sandstorm, showcased their intrusion into three online streaming services on the Telegram messaging platform, interrupting news channels with the fake broadcaster.
In one instance, Dubai residents using a HK1RBOXX set-top box encountered a message claiming the necessity of hacking to deliver a message, followed by the AI-generated anchor introducing “graphic” footage and a ticker detailing casualties in Gaza. The disruptions extended to Canada and the U.K., affecting channels including the BBC, though the BBC itself was not directly hacked.
This incident marks the first time Microsoft has detected an Iranian influence operation leveraging AI as a significant component of its messaging. It represents a notable escalation in the scope of Iranian operations since the onset of the Israel-Hamas conflict, reaching audiences in the UAE, U.K., and Canada.
Deepfakes and election disruption
The rise of generative AI, capable of producing convincing text, voice, and images from simple prompts, has led to an increase in deepfake content online. Such technology poses a risk of being used to disrupt elections, including the upcoming 2024 U.S. presidential election. Iran’s history of targeting the 2020 U.S. election with cyber-campaigns, including impersonating American extremists and spreading disinformation about voting infrastructure, underscores the potential threat posed by these capabilities.
Microsoft’s report highlights the broad range of cyber-attacks and online influence operations launched by Iranian state-backed actors since the Hamas attacks on Oct. 7. These tactics have included exaggerating the impact of cyber-attacks, leaking personal data from an Israeli university, and targeting pro-Israel countries like Albania and Bahrain, as well as the U.S.