Saudi English language media is reporting that Iranian regime hackers targeted an online rally in July, which brought together a large number of dissidents, as well as more than 1,000 politicians and government officials, including former New York Mayor Rudy Giuliani and former US Senator Joseph Lieberman. According to the Arab News report, the US cyber and threat intelligence consultancy Treadstone 71 identified thousands of fake social media accounts created to disrupt the rally and target the participants and was conducted by the paramilitary wing of the Islamic Revolutionary Guard Corps (IRGC) and Iran’s Ministry of Intelligence and Security (MOIS):
October 28, 2020 The RGCU launched the primary campaign on July 17 at 16:59 CEST, immediately after the speech by Maryam Rajavi, starting the process of audience involvement, account mobilization, and hashtag repetition. The coordinated launch helped to create identifiable Twitter trending. The RGCU expanded the campaign by distributing and republishing influential core members’ tweets and content. The republishing triggered thousands of bots and fake accounts with low followership belonging to Basij Cyber Units…With the entry of influencers…the campaign entered the next operations stage. The content and tweets were distributed and republished by those influential IRGC Cyber Units. The narrative between these users reveals their role in promoting the campaign and the purpose of the personas. Thousands of bots and fake accounts with low followership belonging to Basij Cyber Units widely republished and retweeted tweets published by influencers and retweeted and promoted the posts by other accounts that had used the given hashtag.
Read the rest here.
Full Treadstone 71 report here.
Maryam Rajavi has been a long-term leader of the People’s Mujahedin of Iran (MEK), one of the main Iranian opposition groups, and was removed from the US terror list in 2012.
Global Influence Operations Report (GIOR) reporting on Iranian influence operations utilizing social media have included:
- An October 2020 report that Facebook had removed a network of Iranian government-connected accounts on Facebook and Instagram said to have targeted mainly the US and Israel.
- An October 2020 report that the US Treasury designated five Iranian entities said to have been involved in the Iranian regime’s attempts to influence the US elections.
- An October 2020 report that The US Department of Justice had seized 92 internet domains used by Iran’s Revolutionary Guard as part of a global disinformation campaign.
- A November 2020 report that Microsoft had linked the Iranian hacker group Phosphorus to an attempt to break into personal e‑mails accounts of the Munich Security Conference attendees.