A group of hackers linked to Iran have interrupted BBC and a host of other European TV streaming services in Britain, the United Arab Emirates and Canada, Microsoft stated in a report earlier this month, noting a marked acceleration of Iranian cyber attacks since Hamas’s October 7 attack on Israel. The programming was interrupted with a fake news report on Gaza featuring graphic images and what appeared to be an AI-generated anchor – the first time Iran has used AI in this way in its influence operations.
Issued on:
4 min
According to the American IT giant, the hacker attack took place in early December and underscored “the fast and significant expansion in the scope of Iranian operations since the start of the Israel-Hamas conflict”.
The fake news broadcast focused on Israel’s operations in Gaza and was accompanied by a banner that read: “We have no choice but to hack to deliver this message to you.”
The AI news anchor then went on to present graphic – and unverified images – of Palestinians, including women and children, allegedly killed or injured by Israeli forces in Gaza.
“I was watching BBC News around 10.30 pm when the programme was abruptly disrupted, and instead, harrowing visuals from Palestine appeared on my screen. I watched transfixed as my screen froze, and a message from the hacker popped up in all caps against a green background. This was immediately followed by a news bulletin presented by an AI anchor. It was surreal and scary,” a Dubai resident told Khaleej Times.
Another user interviewed by the same newspaper recounted how she was unable to shield her children from the graphic images that suddenly popped up on the TV screen.
“Every channel we switched to displayed the same content,” she said.
In its February 8 report, Microsoft’s Threat Analysis Centre (MTAC) said the disruption had also reached audiences in Britain and Canada.
MTAC attributed the attack to Cotton Sandstorm – a group it has previously identified as “an Iranian state actor sanctioned by the US Treasury Department for their attempts to undermine the integrity of the 2020 US presidential elections”.
AI ‘a key component’
Microsoft said the group, which labelled itself “For Humanity” during the operation, had published videos on the Telegram messaging app, showing how it had hacked into three online streaming services and disrupted “several news channels” with the fake AI broadcast.
It added it was “the first Iranian influence operation Microsoft has detected where AI played a key component in its messaging”.
Since the start of the war, Microsoft said it had noted collaboration between groups affiliated with Iran and, in particular, between a group linked to Iran’s intelligence and security ministry and “Hezbollah cyber units”.
Fabrice Popineau, an AI specialist who lectures and conducts research at France’s prestigious engineering school CentraleSupélec, said the attack was quite a feat. “The achievement is not so much the production of an AI-generated news broadcast, but the fact that they managed to insert it in the right place,” he said.
Nicolas Arpagian, vice-president of cybersecurity firm HeadMind Partners, also pointed to the technical aspect of how the group had attacked the streaming services.
“The cyber attack did not directly target the television channels but the operators of them, not the sender but the receiver,” he explained.
According to Arpagian, these type of attacks – in which graphic photos and videos are displayed – fall under a special propaganda category known as “agit-prop”, aiming to spark an emotional reaction and political agitation.
“As soon as you have people feeling it, experiencing it in their homes, in their privacy, the goal is achieved,” he said.
Surge in Iranian cyber attacks
Iran’s upswing in hackings and influence campaigns highlights the regime’s desire to show that it can attack anywhere, anytime. Microsoft said that while it had tracked only nine Iranian-linked groups active in Israel in the first week of the war, this number had grown to as many as 14 just two weeks into the conflict.
It also said that Iranian cyber influence operations had skyrocketed from around one operation “every other month” in 2021, to 11 in October, 2023, alone.
In November last year, these Iran-backed groups also started to extend their attacks beyond Israel to include Israeli allies. Among the targets were a handful of small town water utilities in the United States, including in Pennsylvania, where stunned staff at the Aliquippa water authority discovered that their industrial control device had been hacked. A message on the device screen read: “You have been hacked. Down with Israel. Every equipment ‘made in Israel’ is Cyber Avengers’ legal target.” The Cyber Avengers is affiliated to Iran’s Revolutionary Guards, which is a key branch of the country’s armed forces.
This particular attack was remarkable in the sense that it targeted Programmable Logic Controllers (PLCs), which are commonly used in factory automation processes, including robotised machines and assembly line devices. Such attacks can therefore heavily disrupt operations, and, depending on the industry affected, cause major damage.
US police have opened an investigation into the attack.
This article was adapted from the original in French.
This story originally appeared on France24