Cyber Incident Victim: Iran

Date: Jan 2022

Location: Iran

Summary

Iranian state television and radio broadcasts were disrupted by hackers displaying images of exiled opposition group leaders and anti-government messages, including calls for the supreme leader's death. Authorities attributed the intrusion to a sophisticated cyberattack, suggesting potential foreign involvement, while an exiled dissident group's spokesperson indicated internal supporters might have facilitated the breach. The incident exposed vulnerabilities in the state media's security infrastructure, echoing prior cyber disruptions targeting critical national systems like fuel distribution and railways, which were linked to outdated software and reliance on unsupported technology.

CIA Posture: Available to members | Motives: 2 motives | Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors | Type: Available to members | Location: Available to members

Description

On January 27, 2022, multiple channels of Iran’s state television and two state radio stations experienced a broadcast intrusion during regular programming. At approximately 3 p.m., graphics suddenly appeared on screen showing the faces of exiled opposition leaders Massoud Rajavi and Maryam Rajavi from the Mujahedeen-e-Khalq (MEK) dissident group, accompanied by a superimposed message calling for the death of Supreme Leader Ayatollah Ali Khamenei. A male voice chanted "Salute to Rajavi, death to Khamenei," followed by a brief audio clip of Massoud Rajavi’s speech declaring opposition to Iran’s leadership. The intrusion lasted several seconds before regular news programming resumed. The name of a social media account claiming responsibility for the hack appeared during the broadcast, though MEK spokesperson Shahin Gobadi stated the group had no advance knowledge while suggesting it could have been orchestrated by MEK supporters or internal resistance units within state media. Iranian authorities immediately acknowledged the incident as a cyberattack and initiated an investigation into what they described as a major security breach of systems traditionally controlled by intelligence agencies, particularly the Revolutionary Guard.

The intrusion marked one of the most significant breaches of Iranian state media in years, occurring amid a series of high-profile cyberattacks targeting critical infrastructure. Previous incidents included October 2021 disruptions to Iran’s fuel distribution system that paralyzed gas stations nationwide and a railway system hack that caused operational chaos. State TV official Reza Alidadi suggested potential foreign involvement in the broadcast hack, calling it a "complicated job" requiring specialized technology. Technical vulnerabilities were noted, including Iranian broadcast systems running outdated Windows 7 software without security patches and widespread use of pirated software. The incident drew parallels to a 1986 broadcast hijacking in which exiled Crown Prince Reza Pahlavi’s anti-government message aired for 11 minutes, later revealed to have involved the CIA. Immediate consequences included public exposure of the breach on international media and renewed scrutiny of Iran’s cybersecurity defenses as authorities worked to contain reputational damage and investigate potential infiltration points within state media infrastructure.
