A group of hackers associated with Iran has disrupted BBC and several other European TV streaming services in the United Kingdom, the United Arab Emirates, and Canada, as reported by Microsoft earlier this month. This interference signifies an increased frequency of Iranian cyber attacks following Hamas’s assault on Israel on October 7. The hackers replaced the programming with a fabricated news report on Gaza containing distressing images and what seemed to be an AI-generated news anchor – marking Iran’s first utilization of AI in such influence campaigns.
Microsoft disclosed that the cyber breach occurred in early December, highlighting the rapid and substantial expansion of Iranian operations since the onset of the Israel-Hamas conflict. The fabricated news broadcast centered on Israel’s actions in Gaza and featured a banner stating: “We have no choice but to hack to deliver this message to you.”
The AI news anchor proceeded to present unverified graphic images of Palestinians, including women and children, purportedly affected by Israeli military actions in Gaza.
A resident of Dubai shared her experience with Khaleej Times, recounting how the news interruption shocked her as harrowing visuals from Palestine unexpectedly appeared on her screen. Another individual mentioned in the same newspaper article expressed her struggle to shield her children from the sudden display of graphic content across various channels.
Microsoft’s Threat Analysis Centre (MTAC) stated in its February 8 report that the disruption extended to audiences in Britain and Canada. The attack was attributed to Cotton Sandstorm, an Iranian state actor previously sanctioned by the US Treasury Department for interference in the 2020 US presidential elections.
Microsoft noted that the group, operating under the name “For Humanity,” utilized AI prominently in this operation, a first for Iranian influence campaigns detected by the tech giant. The collaboration between Iranian-affiliated groups and Hezbollah cyber units has been observed since the conflict’s commencement.
Experts such as AI specialist Fabrice Popineau and cybersecurity VP Nicolas Arpagian commended the technical sophistication of the attack, emphasizing the strategic placement of the AI-generated news broadcast to evoke emotional responses and political agitation.
The surge in Iranian cyber attacks underscores the regime’s intent to demonstrate its global reach and impact. Microsoft’s tracking revealed a significant increase in Iranian-linked groups active in Israel during the conflict, with a rise from nine to potentially 14 groups within two weeks. Iranian cyber influence operations surged from sporadic occurrences in 2021 to eleven operations in October 2023 alone.
Moreover, Iran-backed groups expanded their targets beyond Israel to include allies, such as small-town water utilities in the US. These attacks, like the one on the Aliquippa water authority in Pennsylvania, aimed to disrupt operations by hacking Programmable Logic Controllers (PLCs) crucial for industrial processes, potentially causing substantial damage.
The US authorities have initiated an investigation into this attack, underscoring the serious implications of such cyber intrusions.
This article was adapted from the original in French.