top of page

Intel Brief: Iran's social media intel gathering advances

Date: 17/01/2024

Who’s involved:

  • Iran, Israel, intelligence assets

What happened?

  • The Israeli intelligence agencies Mossad and Shin Bet released information on Iranian attempts to gather sensitive information from Israeli soldiers and civilians via fake social media accounts and profiles.

  • Iranian intelligence agents created a string of profiles and accounts on popular social media sites like TikTok, Telegram, Instagram, LinkedIn, and others. Through these profiles, they sent friend requests to Israeli soldiers and family members of people who were taken hostage by Hamas during the attack on 07/10/2023.

  • Through these channels, Israeli citizens were asked to take pictures of the homes of security chiefs and politicians, set up protests in favor of exchanging terrorists for hostages, fill out surveys with personal information and Iranian agents would even send bouquets of flowers to family members of hostages.

  • Channels and sites used had names like Tears of War, BringHomeNow, Kan +, Agrof, Powerless, Israel the Second and the Avengers.

  • Several concerned civilians notified the security services about anomalies found in the profiles and websites. Mostly, people noticed poor grammar, strange questions, and the inability to read Hebrew. In response, the Israeli security services blocked dozens of profiles, accounts and websites.

  • Israel has warned other countries that Iran is actively trying to build a source network through online recruiting. In total, 27 plans to attack Israeli or Jewish institutions around the world were uncovered in 2023, all linked to Iranian intelligence services and mostly done through digital channels.



  • In a separate incident, the Microsoft security team reported that they had discovered Iranian government-linked hacking and phishing attempts dating back to November 2023. The targets of the hackers were mainly journalists and experts in Middle Eastern affairs. Attempts were made to influence them with propaganda and their computers were compromised by malware. Microsoft, who named the hacking group Mint Sandstorm, gave examples of sophisticated hacking attempts that can only be ascribed to a state actor.

  • Iran is increasingly focusing on cyber intelligence gathering through the use of the common method of phishing. Whereas this was once used mainly to scam or extort individuals for money, phishing is now used by state-affiliated groups and intelligence agencies to contact individuals and gather strategic information. Professional job websites like LinkedIn, reveal a lot of information on people’s backgrounds like job, education, work history, and interests. Sites like Instagram and Facebook are useful for gathering information on someone’s political and personal opinions as well as their network.

  • Social media is increasingly becoming a useful and important tool for state actors. Most people are aware of cyber criminality and would guard their financial information online,  but there is not yet enough awareness of espionage through social media by state actors. This puts civilians and government workers at risk of being targeted by intelligence agencies.


Iran is engaged in cyber warfare against Israel and other countries. Intelligence agencies are forced to create digital counter-attack divisions to thwart these attacks from enemy state actors. The digital battleground will likely be an integral part of conventional warfare and will challenge governments to address the safety and security of their citizens and interests off as well as online.

20241601 Iran Social Media
Download PDF • 425KB

50 views0 comments


bottom of page