Iranian AI Cyber Operations Enhance Info War
Geopolitical conflict and advanced technology integration are changing the global cybersecurity environment, as shown by a recent surge in state-sponsored cyber operations using artificial intelligence. Iranian state-sponsored and state-aligned threat actors have integrated AI to enhance their asymmetric operations during the 2026 conflict, improving capabilities in cyber operations, information warfare, military systems, and other areas. Threat groups like GreenBravo, MuddyWater, RedKitten, Dust Specter, Nimbus Manticore, and Ababil of Minab have adopted generative AI and Large Language Models (LLMs) to accelerate reconnaissance, malware development, and social engineering. This also expands the speed and scale of influence operations.
Observed campaigns in 2026 show this integration's significant impact. Phishing attacks targeting Gulf countries surged by nearly 130%, with cyberattacks in the UAE doubling in March 2026, largely attributed to AI-assisted operations. In addition to direct cyber intrusions, Iranian diplomatic accounts using AI-generated content amassed nearly one billion views and 22 million likes in 50 days, showing AI's effect on shaping perceptions during conflict. These developments demonstrate AI amplifies existing asymmetric tactics, rather than fundamentally altering core objectives. They also challenge traditional attribution methods.
This report details zero-day exploits affecting widely used enterprise and secure access solutions, including SonicWall SMA 1000 Series appliances and Microsoft SharePoint Server and Active Directory Federation Services. Also, a long-dormant China-linked kernel-mode rootkit, Daxin, has resurfaced in Taiwan, and a new Chinese-speaking APT campaign uses the ViPNet update system for stealthy operations against Russian entities. The collective activity shows increased adversarial innovation, where advanced persistent threats (APTs) use both novel vulnerabilities and AI techniques to achieve strategic objectives.
How Iran Uses AI to Enhance Cyber Operations
Iranian state-sponsored and state-aligned threat actors employ AI to accelerate and scale existing cyber capabilities across reconnaissance, code development, social engineering, and deniability. This strategic application of AI simplifies traditional tactics without changing the underlying tradecraft, which includes spearphishing, wiper malware, credential theft, and hack-and-leak operations. The observed enhancements suggest AI serves as a productivity tool for adversaries.
AI affects cyber operations in several ways:
- Reconnaissance and Operational Research: Threat actors, such as CyberAv3ngers, use LLMs like ChatGPT to research Programmable Logic Controllers (PLCs), identifying vulnerable Industrial Control Systems (ICS) devices and their default credentials within minutes. This capability lowers the expertise barrier for targeting critical infrastructure. An attack attributed to Cyber Isnaad Front on an Israeli industrial refrigeration system, requiring expertise in both Windows internal coding and refrigerant physics, suggests in-depth AI-assisted research into the target system.
- Code Writing and Malware Development: Groups like GreenBravo (APT42, Charming Kitten, Mint Sandstorm) use LLMs such as Gemini for debugging, code generation, and researching exploitation techniques, accelerating the development of specialized malicious tools. The GreenGolf (MuddyWater, Mango Sandstorm) group's Operation Olalampo delivered four novel malware families (CHAR, GhostFetch, GhostBackDoor, HTTP_VIP), with emojis in the CHAR backdoor's debug strings indicating AI model use in code generation. Similarly, RedKitten built a campaign targeting Iranian activists using LLM-assisted development for malicious Excel files deploying a C# implant, although this showed signs of hasty integration. Dust Specter (overlapping with APT34 or TAG-135) also used generative AI "fingerprints" in its TWINTALK and GHOSTFORM malware. During the Iran War, Nimbus Manticore used LLM-based tools for malware creation, and Ababil of Minab reportedly used ChatGPT to refine scripts for database enumeration and drops.
- Social Engineering and Phishing Operations: Iranian groups like APT42 employ Gemini to craft personalized, culturally specific phishing lures by providing target biographies, enabling "rapport-building phishing" through multi-turn, believable conversations. LLMs enhance foreign-language translation, leading to a surge in convincing, conflict-themed phishing emails. For example, phishing emails targeting Gulf countries surged by nearly 130% in 2026, with cyberattacks in the UAE doubling in March, often exploiting themes like the Israeli Home Front Command Red Alert application or "potential US ground operations in Iran."
- Deniability: AI agents facilitate plausible deniability by automating parts of the cyber operation lifecycle, obscuring TTP-based attribution. Generative AI allows for scalable creation of personas, narratives, and content that hide state involvement, stripping out behavioral fingerprints like code similarity, compilation timestamps, and working hours traditionally used for attribution. AI-driven obfuscation complicates forensic investigations and intelligence-sharing efforts, reducing the effectiveness of traditional attribution methodologies.
What Impact Does AI Have on Iran's Information Warfare?
AI enhances Iran's information warfare capabilities, increasing the speed, scale, and polish of propaganda production and dissemination. Since January 2026, pro-Iran influence networks and state-backed media have used AI-generated content to stoke anti-US, anti-Israel, and pro-regime sentiment, exaggerate military strength, and automate content propagation. This has resulted in a flood of synthetic content that often outpaces platform moderation and counter-messaging efforts.
Key aspects of AI's role in Iranian influence operations include:
- Stoking Anti-US, Anti-Israel, and Pro-Regime Sentiment: AI-generated "Lego" propaganda videos, produced by "Explosive Media," mock US and Israeli leaders, reference sensitive Western topics like the Jeffrey Epstein files and the death of George Floyd, and fuse narratives of vengeance against the US with solidarity for perceived victims. AI enables the rapid production of these two-minute videos within 24 hours, often accompanied by AI-generated rap songs. Iranian diplomatic accounts also published AI-generated content exploiting American pop culture, leading to nearly one billion views and 22 million likes in 50 days for provocative memes directly humiliating US leadership figures. AI is also used to legitimize the Iranian regime, such as an AI-generated anime-style video portraying the succession of Mojtaba Khamenei as a powerful figure.
- Inflating Military Effectiveness: Tehran uses AI-generated images and videos to inflate perceptions of its military capabilities, portray adversaries as vulnerable, distort assessments of the war's impact, and control narratives. Examples include false depictions of Iranian missile strikes on Tel Aviv, panicked civilians fleeing a fabricated airport attack, captured US special forces, and burning US facilities in the Gulf. AI-generated videos, such as one claiming the USS Abraham Lincoln was struck and ablaze, were amplified by state-affiliated media to strengthen control over wartime narratives and exaggerate battlefield successes. This also influenced international coverage. Chinese and Russian information networks further amplified these narratives, seeking to undermine the legitimacy of US strikes and highlight economic fallout.
- Fabricating Regime Support: During the January 2026 protests and subsequent wartime, AI-generated videos purporting to show enormous pro-government rallies circulated widely, aiming to manufacture the appearance of mass domestic support. Iranian state media aired debunked AI-generated content to counter anti-regime demonstrations. AI-generated imagery also depicted the US and Israel as instigators of the uprising and cast Crown Prince Reza Pahlavi as a pawn of Israel.
- Automated Propagation Through Inauthentic Accounts: AI enables the scalable amplification of narratives via networks of fake personas that disseminate false information. Storm-2035, a multilingual network operating across social media platforms, pivoted to pro-regime messaging within 24 hours of the February 28 strikes. These "creator" personas use AI-generated profile pictures for credibility and use LLMs to produce content in multiple languages. Another persona, Attack Alarm, repurposed itself from a missile-warning service to a pro-Iran narrative amplifier, sharing AI-enabled images of Iranian missiles and repackaging claims from hacker fronts like Handala Hack Team, Cyber Av3ngers, and Cyber Isnaad Front.
Is Iran Integrating AI into Military and Domestic Security Systems?
Iran has actively pursued the integration of AI capabilities into its military and domestic security systems, though the extent of their operational impact during the 2026 conflict remains a subject of analysis. While AI's role in military operations is less independently confirmed than in cyber and influence domains, Russia's assistance in drone technology and tactics likely facilitated some AI-enabled capabilities. Domestically, existing AI-driven surveillance infrastructure likely supported regime repression.
Specific areas of AI integration include:
- Military and Intelligence Operations:
- Drones: Ukrainian Defence Intelligence (HUR) found evidence of AI integration in Iranian-designed Shahed-136 drones (upgraded to "MS001" series, matching Shahed-236 in Russian documentation) deployed by Russia in Ukraine in June 2025. These drones featured an Nvidia Jetson Orin AI module and thermal imaging for autonomous target identification and terminal-phase guidance without GPS. Russia has also reportedly provided Iran with "modified" Shahed drones, including technology to improve communication, navigation, and targeting. Russia also offered "unjammable" drones with fiber-optic and satellite guidance. Russia's AI-enabled flight planning and mesh networking tactics for drones in Ukraine indicate a potential transfer of operational tradecraft to Iran. Iran claims its indigenous Shahed-161 drone features AI-enabled targeting and coordination.
- Missiles: Iran's pre-war rhetoric emphasized AI-enhanced missile capabilities for systems like the Abu Mahdi naval cruise missile and Fattah-2 hypersonic glide vehicle. However, wartime reporting from March-June 2026 does not independently confirm the operational use of AI-enhanced missile capabilities in strikes against the US, Israel, or Gulf partners. Instead, IRGC statements focused on traditional advantages such as massed salvos and penetration of air defenses. It is possible AI components were not discernible in post-strike forensics, or their use was not publicly disclosed.
- Naval Operations: Iran claims to have manufactured unmanned surface vessels (USVs) and unmanned underwater vehicles (UUVs) that use AI for autonomous commands, target attacks, intelligence operations, and other functions. Iran used explosive drone boats (USVs) in the 2026 conflict, such as the attack on the MKD VYOM oil tanker on March 1, 2026. Their autonomous AI guidance is not confirmed; they are likely remotely controlled or pre-programmed. AI use in submarine systems remains unproven, and conventional naval mines were likely deployed using established IRGC tactics.
- Domestic Security:
- FindFace Facial Recognition: An investigation by Forbidden Stories documented that Iran's IRGC- and MOIS-linked surveillance ecosystem has operated the Russian facial recognition system FindFace from NtechLab since August 2019. The system creates "social maps" of individuals' relationships and processes images for law enforcement, and was likely operational during the "Dey 1404" protests in January 2026.
- Surveillance Infrastructure: AI surveillance infrastructure, initially deployed to monitor hijab compliance after the 2022 Woman, Life, Freedom movement, was likely expanded to repress the December 2025 protests. This architecture includes deep packet inspection (DPI) technologies from Chinese telecom companies like Huawei and ZTE, and camera-based visual surveillance technology from Hikvision and Tiandy. Iran's collaboration with China and Russia continues to strengthen its AI-enhanced authoritarian capabilities.
Which China-Linked Malware Has Resurfaced in Taiwan After Years of Stealth?
The China-linked kernel-mode rootkit Daxin has resurfaced in 2026 in Taiwan, accompanied by a previously undocumented pre-login SYSTEM backdoor named Stupig. This activity was identified on a compromised host belonging to a Taiwan-based subsidiary of a multinational high-tech manufacturer. This shows a persistent, stealthy cyber espionage operation. The discovery in 2026 indicates that the operation, initially documented by Symantec in 2022 as targeting governments and critical infrastructure since 2013, never ceased but maintained a quiet presence.
Details of the resurfaced malware include:
- Daxin: This kernel-mode rootkit (
srt64.sys), first observed in 2013, employs an unusual command-and-control (C2) mechanism. Instead of establishing direct outbound connections, Daxin monitors incoming TCP traffic for specific patterns and hijacks existing legitimate connections for encrypted C2 communications. This method allows it to blend with regular network activity and interact with air-gapped systems through multi-hop communications, making it exceptionally difficult to detect with conventional network monitoring. The compromised host in Taiwan, where Daxin was found, also ran outdated Digiwin single sign-on (SSO) portal versions with end-of-life Java Development Kit (JDK) 1.5 and 1.6 installations from 2009-2011, potentially serving as the initial compromise vector. The long dormancy period shows the threat actor's capabilities and the potential for extended dwell times. For more on kernel-mode threats, see discussions on honeymyte kernel rootkit. - Stupig: This previously unreported DLL backdoor (
a.dllorkbdus1.dll) achieves persistence by registering as a keyboard-layout provider. It causeswin32k.systo load it intowinlogon.exeat system startup, appearing as a legitimate Microsoft DLL (kbdus.dll). Operating withinwinlogon.exe, Stupig monitors the Windows logon screen for usernames starting with "stupig." Any string following this prefix is interpreted and executed as a command with SYSTEM privileges. If no command is entered, it spawns a SYSTEM-level command prompt on the logon screen, providing pre-login access without raising logon audit events.
Both Daxin and Stupig carried compilation timestamps from early 2013, despite telemetry reporting not beginning until May 12, 2026. No code-level overlaps were identified. However, their co-deployment on the same host, complementary functions, and similar development practices, combined with matching timestamps, suggest they originate from the same threat actor. Another China-linked threat actor has been observed by Hunt.io using Anthropic Claude Code and DeepSeek models to automate intrusions against government and financial systems in Afghanistan, Thailand, Taiwan, and the U.S., using the AI for reasoning, exploit rework, and phishing page generation. This group uses TencShell C2 infrastructure. These advanced persistent threats show the broad reach and advanced tools of state-backed espionage. Information on knownsec cyber espionage leaks often covers such state-sponsored operations.
How Attackers Exploit SonicWall SMA 1000 Appliances
Attackers are actively exploiting two zero-day vulnerabilities, CVE-2026-15409 and CVE-2026-15410, in SonicWall SMA 1000 Series secure remote access appliances, including SMA6210, SMA7210, SMA8200v, and other models. These flaws are being chained together in real-world attacks to achieve significant compromise. This is a significant threat to organizations relying on these appliances for remote access. SonicWall publicly disclosed and patched these issues in mid-July 2026, with CISA adding them to its Known Exploited Vulnerabilities catalog.
The vulnerabilities function as follows:
- CVE-2026-15409: This is a serious, unauthenticated Server-Side Request Forgery (SSRF) flaw in the SonicWall SMA 1000 Workplace interface. It allows a remote attacker, without requiring authentication, to force the device to make requests to arbitrary internal or external locations. This vulnerability typically serves as the initial pre-authentication foothold in an attack chain.
- CVE-2026-15410: This is a post-authentication code injection flaw located in the Appliance Management Console. It allows a remote attacker, once authenticated as an administrator, to execute arbitrary operating system commands on the appliance. In observed attacks, CVE-2026-15409 provides the initial access, which is then escalated via CVE-2026-15410 to deepen control over the affected appliance.
The operational impact of chaining these flaws is severe, extending beyond initial device compromise. Attackers have extracted high-value credentials, active session databases, Time-based One-Time Password (TOTP) multi-factor authentication seed configurations, and other sensitive information. The compromised appliance then serves as a stealthy foothold for lateral movement into internal networks, with Rapid7 observing anomalous, VPN-less Active Directory authentications originating from the compromised appliance's internal IP address, indicating an unmonitored backdoor into directory infrastructure. Affected firmware versions include 12.4.3-03245, 12.4.3-03387, 12.4.3-03434, 12.5.0-02283, 12.5.0-02624, and 12.5.0-02800. Fixed versions are 12.4.3-03453+ and 12.5.0-02835+.
What Are the Implications of the Actively Exploited Microsoft SharePoint and AD FS Zero-Days?
Microsoft's July 2026 Patch Tuesday addressed two actively exploited zero-day vulnerabilities, CVE-2026-56164 and CVE-2026-56155, affecting enterprise infrastructure: on-premises SharePoint Server and Active Directory Federation Services (AD FS). These flaws are being actively exploited in real-world attacks. This shows the urgency for immediate patching and a complete security response.
The specific implications of each vulnerability are:
- CVE-2026-56164 (Microsoft SharePoint Server Elevation of Privilege): This vulnerability affects on-premises SharePoint Server installations. It is an elevation-of-privilege issue that is remotely exploitable in low-complexity attacks, requiring no credentials or user interaction. This makes it dangerous for internet-facing SharePoint deployments, allowing attackers to gain elevated privileges with minimal effort. While the exact exploit chain and responsible threat actor remain undisclosed by Microsoft, its remote exploitability and low complexity make it a high-priority risk.
- CVE-2026-56155 (Active Directory Federation Services Privilege Escalation): This flaw targets Active Directory Federation Services (AD FS) and enables privilege escalation from a low-privileged local foothold. Although it requires an attacker to have some local access, AD FS compromise is serious. AD FS is central to enterprise identity and trust, brokering authentication for other systems. Successful exploitation can allow attackers to pivot deeper into identity infrastructure, enabling broader lateral movement and control over an organization's authentication mechanisms.
The active exploitation of both vulnerabilities, especially the internet-facing SharePoint flaw, necessitates immediate patching. For SharePoint, enabling AMSI in Full Mode can offer additional protection, but installing the July updates is essential, as they also address other remote code execution and security bypass issues. For AD FS, the fix is part of broader Windows and Windows Server updates, complemented by hardening of the AD FS Distributed Key Manager container access control list. Defenders must inventory all on-premises SharePoint servers, patch them promptly, and review all externally reachable instances for unusual access or post-authentication abuse. Other tasks include monitoring for suspicious activity. Similarly, AD FS servers require immediate updates and review for suspicious local privilege changes or identity infrastructure abuse.
What New Malware Modules Use the ViPNet Update System?
A new APT campaign, active since at least May 2026, uses previously unknown malware modules launched through the ViPNet update system to target large Russian organizations in the government, energy, transport, education, and logistics sectors. This campaign, tentatively linked to an unknown Chinese-speaking APT group with low confidence, shows advanced DLL sideloading techniques for persistence and a multi-stage infection chain.
The malicious modules identified include:
- HelloInjector: This loader, named
wtsapi32.dll, is placed in theC:\Program Files (x86)\InfoTeCS\VIPNet Update Systemdirectory. It uses DLL Sideloading by exploiting theitcsrvup64.exeexecutable of the ViPNet update system, which runs at OS startup. HelloInjector's primary function is to inject its code into thesvchost.exeprocess and then launch the subsequent malicious payload. This initial stage uses a legitimate, signed process to mask the malicious injection. - HelloProxy: The payload delivered by HelloInjector, HelloProxy, acts as both a hidden proxy and a loader for additional modules. It operates by intercepting
NtDeviceIoControlFile,closesocket,shutdown, and other related functions using the Microsoft Detours library. This interception prevents premature socket closing and allows the malware to hinder user-mode security solutions. HelloProxy listens on ports 5003 and 5060, performs a specific handshake (0x0502bytes andASDFASFSAFASDFstring) with its C2 server, and can either proxy traffic or load and execute additional executable files in memory. - HelloExecutor: This backdoor is used for reconnaissance within infected networks. Observed commands include
query user,ipconfig /all,net user /do,net group /do, and directory listings of ViPNet installation paths and user directories. It also shows attackers launching a renamed legitimate PuTTY utility (frontpage.exe) fromC:\users\public\musicto establish an SSH tunnel to a C2 server (e.g.,5.39.253[.]206). The use of legitimate tools for tunneling demonstrates evasive tradecraft. - HelloCleaner: This module is specifically designed to clean ViPNet software log files, allowing attackers to hide their activities on the compromised system.
- HelloBackdoor: A Rust-based backdoor that accepts connections on port 443, activating upon receiving the string
47c6235b4d2611184. It supports commands for file upload (!upload) and file download (!down). It also stops its operation (!stop) by creating and executing a BAT file. If other commands are received, they are executed viacmd.exe.
The attribution to a Chinese-speaking APT group is based on an unused news.sina.com string within one wtsapi32.dll sample and the use of the mirrors.ustc.edu.cn mirror for Rust package downloads during HelloBackdoor compilation. These strings may be unintentional artifacts or "false flags." Given the targeted nature of the attacks against Russian sectors, this campaign represents a state-sponsored espionage effort. Organizations using ViPNet software should configure network traffic monitoring for ports 5003, 5060, and 443. They should also monitor for process injection into svchost.exe from itcsrvup64.exe or itcsrvup.exe for timely detection, and review system logs. Information on global espionage shadow campaigns often covers such advanced, multi-stage attacks.
Technical Takeaways
- AI Enhances Operations: Iranian state-sponsored actors use generative AI and LLMs to accelerate reconnaissance, malware development, and social engineering. This shows AI's capacity to significantly enhance existing asymmetric warfare capabilities.
- Persistent and Stealthy Kernel-Mode Operations: The re-emergence of the China-linked Daxin kernel-mode rootkit and the discovery of the Stupig pre-login backdoor show the longevity and advanced nature of state-sponsored cyber espionage campaigns. They maintain stealthy persistence for over a decade.
- Zero-Day Exploits in Widely Used Products: Actively exploited zero-days in SonicWall SMA 1000 Series (CVE-2026-15409, CVE-2026-15410) and Microsoft SharePoint Server (CVE-2026-56164) and AD FS (CVE-2026-56155) show the ongoing threat to perimeter and identity infrastructure. Immediate patching and forensic review are critical.
- DLL Sideloading for Initial Compromise: The HelloNet campaign's use of DLL Sideloading through the ViPNet update system (
wtsapi32.dllinitcsrvup64.exe) against Russian sectors illustrates how threat actors exploit trusted software components for initial access and persistence. - AI Changes Information Warfare: AI-generated content changes the speed, scale, and reach of state-backed influence operations. It enables rapid production of personalized narratives and automated propagation to shape public perception.