Iranian IRGC-linked hackers deploy AI-driven spear-phishing attacks targeting global critical infrastructure.

Iran’s AI-Powered Cyber Offensive Intensifies, Warning of Threat to Global Infrastructure

The420.in Staff

Hacker networks linked to Iran are escalating cyber operations by leveraging artificial intelligence and vast troves of personal data collected over the past decade, according to Israeli cyber policy and security experts. They warn that the use of AI tools has made attacks more precise, convincing and potentially more damaging to governments, corporations and critical infrastructure worldwide.

According to the assessment, Iran’s Islamic Revolutionary Guard Corps (IRGC) and affiliated groups have systematically gathered sensitive personal information through email campaigns, social media manipulation and fraudulent digital platforms. While early efforts were largely limited to broad phishing attempts, the strategy has evolved into highly targeted “spear-phishing” operations—where specific individuals or institutions are impersonated with credible digital identities to gain trust and access.

Evolution of Iran’s AI-Driven Spear-Phishing Tactics

Experts note that in 2024, suspected Iranian operatives attempted to target a former Israeli government spokesperson by misusing the name of the Israel Defense Forces (IDF). That attempt reportedly failed due to weak translations and technical inconsistencies. However, analysts caution that AI-powered language models and deepfake technologies have significantly reduced such flaws, enabling attackers to craft far more convincing messages, audio and video content.

In one recent case, a trojanized version of the official mobile application of Israel’s Home Front Command was circulated online. Cyber risk monitoring firms warned that, if installed, the malicious app could have given attackers continuous access to a victim’s SMS messages, contact lists and GPS location data. In another tactic, fake Google Meet links were used to activate cameras and microphones remotely for espionage purposes.

Surge in Attacks on Critical Infrastructure Post-October 7

Cyber analysts say the intensity of these campaigns has increased since the events of October 7. Initial phishing emails often serve as entry points into industrial control systems and digital networks linked to water supply, energy grids and other critical sectors. In some instances, attempts to infiltrate Israeli water infrastructure and networks associated with U.S. technology firms have been identified.

Countries in the Gulf region have also reported a rise in AI-enabled cyberattacks, with several governments claiming that coordinated monitoring systems and rapid response mechanisms helped neutralize multiple threats. Security experts suggest that intelligence-sharing frameworks developed after the Abraham Accords are playing a protective role in regional cyber defense.

Hacktivist Groups and the Growing Threat of Disinformation

Parallel to state-linked operations, self-described “hacktivist” groups such as Team 313 and others have publicly claimed responsibility for certain cyberattacks, portraying them as acts of political retaliation. Analysts believe these groups are also engaged in psychological warfare, disinformation campaigns and efforts to amplify social polarization.

Policy specialists argue that although many nations have strengthened technical defenses, countering disinformation remains a major vulnerability. The growing availability of inexpensive AI tools has made it easier to fabricate fake news reports, manipulated videos and synthetic audio clips. Persistent waves of misinformation can fuel social instability, radicalization and mistrust in institutions.

Experts further caution that the convergence of cyber and physical attacks represents a significant future challenge. Lessons from the Russia-Ukraine War have heightened awareness of hybrid warfare tactics, yet preparedness across digital fronts remains uneven. As AI-driven cyber campaigns grow more sophisticated and complex, pressure on global security frameworks is expected to intensify in the coming years.
