Cyber Incident Victim: Iran

Date: Jan 2022

Location: Iran

Summary

Iranian state television and radio broadcasts were disrupted by hackers displaying images of exiled opposition group leaders and anti-government messages, including calls for the supreme leader's death. The incident, claimed by a social media account linked to dissident supporters, involved multiple channels and marked a significant breach of the tightly controlled media apparatus, with officials suggesting potential foreign involvement. This intrusion followed prior cyberattacks targeting critical national infrastructure, including fuel distribution and railway systems, highlighting persistent vulnerabilities in the country's networks.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On January 27, 2022, multiple channels of Iran’s state television and two state radio stations experienced an intrusion during regular afternoon programming. At approximately 3 p.m., broadcasts were interrupted for several seconds by superimposed images showing Massoud and Maryam Rajavi, leaders of the exiled opposition group Mujahedeen-e-Khalq (MEK). A male voice chanted "Salute to Rajavi, death to Khamenei," followed by a brief audio clip of Massoud Rajavi stating, "Today, we still honor the time that we declared death to the reactionary. We stood by it." A social media account name claiming responsibility for the hack appeared on screen, though the MEK’s Paris-based spokesperson, Shahin Gobadi, did not directly claim involvement while suggesting supporters within Iran’s broadcasting infrastructure might have facilitated it. Iranian authorities immediately acknowledged the breach and initiated an investigation. Reza Alidadi, a senior state TV official, characterized the intrusion as a "complicated job" potentially involving foreign technological assistance but provided no specific evidence. The incident marked the first major breach of Iran’s state media in years, despite these systems being tightly controlled by intelligence agencies and the Revolutionary Guard.

The hack disrupted critical state propaganda channels and exposed systemic vulnerabilities in Iran’s media infrastructure. This incident followed a pattern of recent cyberattacks against Iranian systems, including October 2021 assaults on fuel distribution networks that paralyzed gas stations and a railway system hack causing operational chaos. Iran’s reliance on outdated technology, such as Windows 7 systems without security patches and widespread use of pirated software, compounded these vulnerabilities. While no group formally claimed responsibility, the intrusion amplified political tensions amid stalled nuclear negotiations with world powers. State TV resumed normal operations shortly after the breach, but the incident drew parallels to a 1986 broadcast hijacking where exiled Crown Prince Reza Pahlavi delivered an anti-government message—an operation later linked to CIA involvement. Iranian officials did not attribute blame to specific actors but framed the event as part of broader hybrid threats against the Islamic Republic’s stability.

Sources
2 sources