Cybersecurity experts are warning of an increasingly sophisticated wave of cyber operations linked to Iran, driven by artificial intelligence tools and years of accumulated personal data. Analysts say the evolution of these tactics is making attacks more precise, scalable and potentially disruptive to governments, corporations and critical infrastructure worldwide.

According to Israeli cyber policy specialists, networks associated with the Islamic Revolutionary Guard Corps (IRGC) and affiliated actors have shifted from broad phishing campaigns to highly targeted, AI-enhanced spear-phishing operations.

AI Boosts Precision in Spear-Phishing Campaigns

Early Iranian cyber efforts relied largely on mass email phishing attempts. Over time, however, threat actors have reportedly gathered extensive personal data through fraudulent websites, manipulated social media profiles and coordinated email campaigns.

That data is now being leveraged to craft targeted spear-phishing messages designed to impersonate trusted officials, institutions or corporate entities.

In 2024, suspected Iranian operatives attempted to impersonate representatives of the Israel Defense Forces (IDF) while targeting a former Israeli government spokesperson. Analysts say the attempt failed due to translation errors and technical inconsistencies. However, experts caution that AI-powered language models and deepfake technologies have significantly reduced such weaknesses, enabling attackers to produce more convincing emails, voice recordings and video content.

Security researchers warn that generative AI tools can now rapidly adapt tone, language and contextual details to specific victims — increasing the likelihood of successful compromise.

Trojanized Apps and Remote Surveillance Tactics

In one recent incident, cybersecurity monitoring firms identified a trojanized version of Israel’s Home Front Command mobile application circulating online. If installed, the malicious app could have granted attackers ongoing access to SMS messages, contact lists and GPS location data.

Other operations have involved counterfeit Google Meet invitations designed to activate victims’ cameras and microphones for remote surveillance.

Such tactics reflect a broader trend of blending social engineering with technical exploitation, creating layered attack chains that are difficult to detect early.

Post-October 7 Surge in Infrastructure Targeting

Cyber analysts report a marked increase in activity since the events of October 7. Initial phishing emails are often used as entry points into broader digital ecosystems, including industrial control systems connected to water utilities, power grids and transportation networks.

Attempts to infiltrate Israeli water infrastructure and networks associated with U.S.-based technology companies have been identified, according to multiple security assessments.

Countries in the Gulf region have also reported a rise in AI-enabled cyber incidents. Officials in several states credit coordinated monitoring platforms and intelligence-sharing mechanisms for helping neutralize threats before significant damage occurred.

Some experts suggest that regional cybersecurity cooperation frameworks strengthened after the Abraham Accords have improved collective defensive capabilities.

Disinformation and Psychological Operations

Alongside state-linked cyber activity, self-styled “hacktivist” groups such as Team 313 have claimed responsibility for various digital intrusions.

Analysts believe these groups are also engaged in psychological operations and coordinated disinformation campaigns aimed at amplifying political tensions and social polarization.

Security policy experts warn that while many countries have strengthened technical defenses, countering AI-generated misinformation remains a significant challenge. The growing availability of low-cost AI tools enables the rapid production of manipulated videos, synthetic audio clips and fabricated news content capable of eroding public trust.

Rising Hybrid Threats

Experts caution that the convergence of cyber and physical tactics represents an emerging frontier in hybrid warfare. Lessons from the Russia-Ukraine conflict have heightened awareness of how cyberattacks can complement conventional military operations.

However, preparedness levels vary widely across sectors and regions.

As AI-driven cyber capabilities mature, analysts expect increasing pressure on global security frameworks. Governments and private organizations may need to invest more heavily in AI-based defensive systems, cross-border intelligence sharing and resilience planning to counter increasingly adaptive threat actors.

The warning from cybersecurity specialists is clear: artificial intelligence is not only transforming innovation and commerce — it is reshaping the battlefield of digital conflict.

Following the death of Supreme Leader Ayatollah Ali Khamenei, Iran has imposed a strict nationwide internet blackout to curb potential protests and maintain public order. Despite these measures, videos documenting missile strikes, bombings, and street demonstrations continue to circulate on social media, raising questions about how digital content is still escaping censorship.

Satellite Internet Access

Technical analysts suggest that limited satellite internet connectivity may remain operational for select users. Reports indicate that satellite terminals could have been smuggled into Iran through neighboring regions such as Dubai. These terminals may allow activists and journalists to bypass local internet restrictions and share content with the outside world.

Proxy and Encrypted Bridge Networks

Censorship circumvention tools, including encrypted proxy networks like Snowflake, are also enabling data transmission under blackout conditions. These systems create multiple digital “bridges,” splitting internet traffic into separate channels that are difficult for surveillance systems to monitor. Such tools allow users to upload restricted videos and images even when conventional connectivity is blocked.

Physical Data Smuggling

Traditional methods remain effective. Activists reportedly use pen drives, memory cards, and other storage devices to physically transport videos and photographs out of the country. Once these devices reach areas with internet access, the content is uploaded to social media platforms. While slower than online sharing, this method ensures information can bypass network shutdowns.

Limited Institutional Access Channels

Some internal networks and internet facilities, particularly those available to senior officials or select institutions, may still be operational. Experts believe content could leak from these channels, contributing to the continuous flow of restricted information abroad.

Why Complete Digital Control Is Nearly Impossible

Cybersecurity analysts, including the Future Crime Research Foundation, emphasize that fully blocking information in the digital era is nearly impossible. Evolving communication technologies and creative circumvention methods make absolute censorship unfeasible, even in highly restricted environments.

The situation in Iran remains tense, with international observers closely monitoring how information continues to flow despite extensive internet restrictions. These developments highlight the challenges of controlling digital content during periods of political unrest and the ongoing global struggle between information control and cybersecurity.

Europe is struggling to keep up with the scale and speed of modern cyber threats, and its current approach to digital security is no longer sufficient, the head of the European Union’s cybersecurity agency has warned. As cyberattacks grow more frequent and sophisticated, the gap between attackers and defenders is widening, leaving vital systems across the continent increasingly vulnerable.

Speaking from Brussels, the executive director of the EU Agency for Cybersecurity (ENISA) cautioned that Europe is “falling behind” hostile actors in cyberspace. He stressed that without a fundamental shift in strategy, the bloc risks losing control over the security of its digital infrastructure.

Rising Attacks, Real-World Consequences

The warning comes after a string of high-impact cyber incidents across Europe in recent years. Attacks have disrupted airport operations, interfered with democratic processes, and forced hospitals to suspend critical services, demonstrating that cyber threats now pose direct risks to public safety and economic stability.

Security analysts have recently highlighted an attempted breach of Poland’s power grid, reportedly linked to Russian actors. Meanwhile, Germany’s central bank has disclosed that it faces thousands of cyberattacks every minute, illustrating the relentless pressure on Europe’s financial institutions and government networks.

Cybersecurity Lagging Behind Geopolitical Reality

These challenges are unfolding amid a tense geopolitical environment. Europe is dealing with war on its eastern border, China’s expanding influence over global technology supply chains, and uncertainty surrounding long-term security cooperation with the United States. In response, many EU member states have committed to higher defence spending, while Brussels has increasingly prioritised strategic autonomy.

However, the ENISA chief warned that strengthening conventional defence without matching investment in cybersecurity leaves a dangerous blind spot. Cyber resilience, he argued, must be treated as a core element of Europe’s overall security architecture, not a secondary concern.

Push to Expand ENISA Falls Short

The comments follow a European Commission proposal to revise the EU’s Cybersecurity Act, which would give ENISA greater authority, a larger workforce, and a higher operational budget. Based in Athens, the agency currently employs roughly 150 staff, with modest expansion planned under the new proposal.

While welcoming the initiative, the agency’s leadership said the measures are insufficient given the scale of the threat. Comparisons were drawn with other EU bodies such as Europol and the border agency Frontex, which employ more than 1,400 and 2,500 personnel respectively and continue to receive substantial funding increases.

According to the ENISA chief, a simple upgrade will not close the gap. He argued that at minimum, the agency’s capacity should be doubled and supported by the creation of a robust, EU-level cyber infrastructure to counter years of underinvestment.

Threats Evolving Faster Than Defences

The pace of change in the cyber threat landscape has been dramatic. When the current ENISA leadership took office in 2019, around 17,000 software vulnerabilities were identified globally each year. By 2025, that number had climbed beyond 41,000.

More alarming is how quickly attackers now exploit these flaws. What once took weeks or months can now happen within a single day. The growing use of artificial intelligence by malicious actors has further accelerated their ability to detect, weaponise, and deploy attacks at scale.

Europe’s Dependence on External Cyber Infrastructure

Another concern raised was Europe’s long-standing reliance on US-based systems for managing and cataloguing software vulnerabilities. While these tools benefit European governments and companies, much of the responsibility and cost of maintaining them has fallen on American institutions.

The ENISA chief argued that Europe must assume a greater share of responsibility within the global cybersecurity ecosystem. In recent steps toward that goal, ENISA has begun operating its own vulnerability database and has taken on a more prominent technical role internationally.

A Narrow Window for Reform

Cybersecurity specialists warn that without rapid increases in funding, staffing, and coordination, critical sectors such as energy, healthcare, transportation, and finance will face escalating risks. As digital threats continue to evolve faster than defensive systems, the pressure on European institutions is only expected to grow.

The message from Europe’s top cyber official is clear: incremental changes are no longer enough. A comprehensive overhaul of the EU’s cybersecurity strategy is needed if the bloc hopes to defend itself effectively in an increasingly hostile digital world.