Iranian-backed hackers managed to disrupt programs on a television streaming platform in the United Arab Emirates, Microsoft analysts said in a report published on February 6. Instead of the usual broadcasts, astounded subscribers to the service found a fake television news program “featuring a presenter apparently generated by AI” who launched into a report on the war in Gaza. It was preceded by this message: “We have no choice but to hack to send you this message.”

“I was watching BBC News at around 10:30 p.m. when the program was abruptly interrupted and heartbreaking images from Palestine appeared on my screen. I watched, transfixed, as my screen froze and a message from the hacker appeared in capital letters on a green background. This message was immediately followed by a news bulletin presented by an AI presenter. It was surreal and scary,” describes a Dubai resident interviewed by Khaleej Times. “All the channels we viewed displayed the same content,” says another user of the service.

Screenshot released by Microsoft of the AI-generated newscast distributed by pro-Iranian hackers in the United Arab Emirates. © Microsoft

On screen, the Guardian describes, the AI-generated reporter began “presenting unverified footage that purported to show Palestinians injured and killed during Israeli military operations in Gaza.”

Microsoft also reports hacks in Canada and the United Kingdom, specifying that the BBC was one of the targeted channels, but that the British public television group was not directly attacked by the hackers.

According to a report on Iranian cyberattacks against Israel issued by the Microsoft Threat Analysis Center (MTAC), these disruptions took place in early December and were the work of Tehran.

According to the Guardian, Microsoft analysts attribute the cyberattack to a group known as "Cotton Sandstorm", and this is not the group's first attempt. “Cotton Sandstorm (formerly Neptunium) is an Iranian state actor sanctioned by the U.S. Department of the Treasury for its attempts to undermine the integrity of the 2020 U.S. presidential election,” a previous security report from the IT company stated.

First Iranian influence operation using AI

Traces of this group of hackers were found on the messaging platform Telegram, where they published videos showing their hacking of three online broadcasting services and the use of a fake television news presenter, according to the Guardian.

“This is the first Iranian influence operation detected by Microsoft in which AI played a key role in the dissemination of messages,” the analysis department of the technology multinational indicates in its report.

For the American IT giant, Tehran is behind this operation and other cyberattacks. In the weeks since the start of the war between Israel and Hamas, Microsoft says it has observed "collaboration between groups affiliated with Iran", including between hackers led by the Iranian Ministry of Intelligence and "cyber units of Hezbollah".


“The feat is not so much the production of a newspaper generated by AI, but having succeeded in inserting it in the right place,” comments Fabrice Popineau, teacher-researcher at the CentraleSupélec engineering school and specialist in artificial intelligence.

“The cyberattack did not directly target the television channel but the operator, not the transmitter but the receiver,” explains Nicolas Arpagian, vice-president of the HeadMind Partners firm, specializing in digital risk analysis.

For this expert, it was a successful operation for this type of attack, which is "agit-prop [agitation and political propaganda, Editor's note]". “From the moment you have people who feel it, live it in their homes, in their privacy, the goal is achieved.”

A campaign of cyberattacks

Iran seeks to make it known that it has the capacity to attack everywhere, even where it is least expected. In its report, Microsoft reveals that Tehran's cyber threat operations increased in the weeks following the October 7 Hamas attack in Israel: "Iran's activity quickly increased from nine groups followed by Microsoft and assets in Israel during the first week of the war to 14 two weeks after the start of the war. Cyberattacks increased from approximately one operation every two months in 2021 to 11 in the month of October 2023 alone."

In late November, Iran-linked groups began expanding their cyberattacks beyond Israel, targeting countries allied with the Jewish state. On November 22, employees of a water agency in Pennsylvania, in the United States, discovered on the screens of their machines the logo of a group of Iranian hackers affiliated with the Revolutionary Guards, the Cyber Avengers, accompanied by this message: "You have been hacked. Down with Israel. Any equipment made in Israel is a legal target for the Cyber Avengers."

The message from the Cyber Avengers, a group of hackers affiliated with Tehran, is displayed on the control screens of the Pennsylvania water company, November 25, 2023. © Microsoft

Pro-Iran hackers attacked Israeli-made programmable logic controllers (PLCs). These PLCs are processors for running an automation program in factories. They are used, for example, to control industrial manufacturing processes, such as machines and robotic devices on assembly lines. A criminal investigation was opened by the American police.
