When considering the Internet and security nexus, the bulk of Western attention tends to focus on cyber-espionage and cyber-sabotage operations—the hard power side of the story. Only recently, U.S. and European security agencies have started paying real attention to how countries like Russia and China are exploiting the internet and social media for purposes of manipulation and subversion—the soft power side of cyberspace. Conscious of their many deficits in the technological, economic, and military fields, Iranian leaders have, for a long while now, conferred a significant role to media-enabled influence operations as critical complements to their hybrid strategy. Described as the “quintessential gray zone actor,” Iran is systematically articulating its modus operandi around this form of indirect approach consisting of pursuing its goals while avoiding direct confrontation with regional and extra-regional adversaries.

Propaganda (tablighat), political warfare, ideological persuasion, and public diplomacy have virtually always been “key elements” for the promotion of the Islamic regime’s survival and interests. It was not until the early 2000s, however, that Iran’s influence strategy was rethought and reorganized—an institutionalization effort corresponding to the rise of the Islamic Revolutionary Guard Corps (IRGC, in Persian: Sepāh-e Pāsdārān-e Enghelāb-e Eslāmi, or Pasdaran for short). Adopting best practices from both adversaries and allies, the Revolutionary Guards quickly took control of the Iranian influence strategy to develop a formidable mass diplomacy weapon. In the space of a decade, the Islamic Republic’s cyberspace propaganda machine has become one of the spearheads of Tehran’s short-of-war strategy achieving a degree of sophistication equivalent to that of similar approaches developed by Moscow and Beijing.

From Cyber-Guerilla to Cyber-Influence

Dating back to 2005, the development of Iran’s cyber-army coincides with the adoption of the regime’s Mosaic Doctrine, a forward-defense approach aimed at offsetting the power dissymmetry between Iran and its regional and extra-regional adversaries by substituting asymmetric forms of interactions. As noted by IRGC’s Major General Mohammad Ali Jafari, one of this doctrine’s principal originators, “Given the enemy’s numerical and technological superiority, Iran will now on systematically resort to an asymmetrical strategy.” Although established as a distinct entity, Iran’s cyber-army was, at the time of its formation, only embryonic and basically confined to computer hacking and cyber-guerrilla activities.

In 2010, the U.S.-led Stuxnet operation designed to neutralize Iran’s nuclear program acted as a trigger prompting the Pasdaran to invest massively in the training and in the recruitment of cyber-experts. From 2012, Western specialists noted a surge in cyber-incidents attributed to Iranians but still mainly limited to defacement and sabotaging acts against companies such as Twitter. In the same year, two proxies of the Iranian Cyber Army, one self-identified as “Parastoo” and the other one as “Cutting Sword of Justice,” were credited with hacking the International Atomic Energy Agency’s servers and conducting attacks involving the “Shamoon” malware. Concurrently, the Arab Spring, the Syrian Civil War, and the fight against the Islamic State accelerated the maturation of Iran’s cyber-initiatives and their increased coordination with Al-Quds Force’s activities led by the late General Qassem Soleimani.

Although the first generation of Iranian cyberattacks was mostly restricted to sabotaging and spying, Iranian officials gradually used them to promote their brand name and ideological cause: “In contrast to other nation-states, which essentially attempted to hide their activity and prevent attribution, the Iranians appeared to be making a name for themselves and letting the world know their cyber capabilities.” In fact, although Iranian operations were far from enjoying the same logistical and technological resources as those of the Russians, the Americans, and the Chinese, they immediately stood out for their high degree of sophistication and preparedness. Already, in 2013, IRGC leaders boasted that Iran possessed “the 4th biggest cyber power among the world’s cyber armies”—an assertion instantly substantiated by the Tel-Aviv-based Institute for National Security Studies.

Over the past decade, the Iranian Cyber Army’s know-how in sabotage and espionage has developed synchronously with its cyber-influence abilities. As of 2018, cyber-security firms such as Fire-Eye and Fortinet classified several Iranian cyber-entities as Advanced Persistent Threat (APT) groups including APT 35, also known as Newscaster, NewsBeef, and Charming Kitten, for creating fake journalist accounts on social media platforms. From that time, the use of what experts call “Sock puppet accounts” on social media such as Twitter and Facebook have been “operated by the Iranian regime as an integral part of its cyber-influence campaign.” In 2019, an EDPACS report concluded that: “China, Russia and Iran stand out as three of the most capable and active cyber actors.” In 2022, Iran is unanimously viewed as “one of the most sophisticated and feared online actors in the world.” Along with other types of offensive actions, Iranian cyber influence campaigns have earned a reputation in their own right: Myriam Dunn Cavelty and Andreas Wenger consider that the IRGC’s Cyber Army is now one of the main players in the field of “cyber-enabled influence activities.”

Objectives and Message of Iran’s Cyber-Enabled Influence Activities

Remarkably pragmatic, the long-term goals of Iran’s cyber-influence activities are to ensure the regime’s survival, the preservation of its political independence and economic autonomy, and the projection of its ideological influence regionally and internationally. In the short and medium terms, Iranian audiovisual strategy aims to deter adversaries from any form of intervention, to thwart their designs, to deceive their armed forces, and to convince world public opinion of the robustness of the Islamic regime while fighting systematically and in all its forms Western and pro-Western influence.

Aligned with these strategic objectives, the message sent by Iranian cyber-diplomacy is above all intended to convey a positive image of the Islamic Republic. Consequently, one of its main slogans (shoar) is to convince the world that Iran is both open and tolerant while at the same time fighting what the regime calls “Iranophobia” (in Persian Iran Harāssi) allegedly emanating from its adversaries’ propaganda. This multipronged self-promotional effort combines “white propaganda,” i.e. transparently accountable, and “black propaganda,” that is to say “with seemingly no visible ties to Iran to launder Iranian propaganda to unsuspecting users.” Beyond the Middle East and in order to cultivate Iran’s international image as a champion of Islamic resistance against Western powers, Tehran’s cyber-diplomacy seeks to enhance its reputation as an anti-imperialist force in non-Muslim countries of Latin America and sub-Sahara Africa. Iran’s media breakthrough in Latin America is specifically aimed at creating a permanent footprint in Washington’s courtyard.

While boosting the Islamic Republic’s reputation, Iran’s cyber-enabled influence activities also strive to discredit its regional rivals: Israel, Saudi Arabia, the United Arab Emirates, and Gulf Cooperation Council countries. Essentially, it is to present Israel as a lackey of Western imperialism and to portray Gulf monarchies as corrupt regimes and subservient to Washington’s interests. Iran’s Cyber Army and its proxies also push this logic of denigration further by directly seeking to destabilize the United States by means of exploiting ideological divisions in American society and intentionally promoting polarizing subjects. In his study entitled “Iran’s Cyber influence Campaign against the United States,” Itay Haiminis shows how Iran’s cyber-diplomacy has deliberately exploited societal themes such as racism and police brutality to inflame passions and exacerbate ideological rifts between different socio-political groups: liberals vs. conservatives, Republican vs. Democrats, African Americans vs. Caucasians, migrant rights advocates vs. immigration opponents, etc.

Stealth and Persuasion by Proxy

At first centralized, Iran’s cyber-diplomacy has been gradually shifting towards a “bureaucratic-entrepreneurial” architecture aimed at minimizing the regime’s direct involvement and outsourcing as much to non-official, private, or foreign intermediaries. To hide all traces of direct involvement while reducing operating costs and leveraging the know-how and credibility of its external partners, Iran’s cyber-army has invested in developing a vast network of disinformation entities operating under false identities. By the end of 2018, Iran was suspected of using thousands of fake private accounts on social media platforms such as Facebook and Twitter to run a worldwide disinformation campaign. In the same vein, this strategy of persuasion by stealth consists of impersonating real news organizations by, for instance, mimicking the name, logo, and visual branding of Al Arabiya (May 2019) or by “typo-squatting” popular Facebook pages (November 2020). In 2021, experts agree that Iran is one of the countries that most often uses these types of disinformation by proxy and “influence laundering” methods.

Beyond targeting specific individuals and audiences, Iran’s cyber-enabled activities also involve large-scale manipulation operations intended for influencing the outcome of major electoral processes. For instance, at the end of January 2019, Israeli authorities accused Iran of trying to shape election results in Israel by means of fake network accounts. Washington and London have also highlighted Tehran for utilizing “coordinated inauthentic behavior” through fake social media pages, groups, and accounts targeting politics and elections in the United States and United Kingdom. Due to their strategic importance, U.S. electoral polls have been a favorite target of cyber-mercenaries working on behalf of the Islamic regime. Iranian cyber-influence hacktivists have, for instance, tried to meddle into the 2018 mid-term elections even though, as Dunn Cavelty and Wenger note, relying on much less refined means than those available to Russia and China. The following year, pro-Iranian cyber-campaigners attempted to shape the outcome of the 2020 U.S. presidential election. An investigation carried out by major U.S. intelligence agencies concluded that: “Iran carried out a multi-pronged covert influence campaign intended to undercut former President Trump’s re-election prospects.” This potpourri of genres also involves a certain amount of collaboration with other states. In particular, U.S. authorities expressed concerns about the Iranian coordination of influence activities with China and Russia aiming at disrupting internal American politics. As early as 2019, Washington warned that Iran, Russia, and China were coordinating their efforts to undermine public faith in U.S. democratic institutions.