The RFI process includes any specific time-sensitive ad hoc requirement for intelligence information or products to support an ongoing event or incident not necessarily related to standing requirements or scheduled intelligence production.
When the Cyber Threat Intelligence Center (CTIC) submits an RFI to internal groups, there is a series of standard requirements for the context and quality of the data requested.
Social media influence operations gained significant attention after the 2016 United States Presidential election. Since then, reports exposing operations of this type increased with frequency and depth. Increasingly sophisticated Iranian cyber influence operations show the past success of such activities to disrupt planned events, both kinetic and virtual. Learning from past operations and expecting adjustments to regime tactics highly likely led to the diminishing success of online regime activities for now.
Priority Intelligence Requirements are hardly static in nature. They are stakeholder-driven. Intelligence professionals should follow the instructions in the following document to assist in preparing and managing intelligence requirements. PIRs may have technology components but they should not be driven by indicators of compromise (IoCs). IoCs help identifies malicious activity already in your environment and should align to cyber hygiene actions. Download the file below.
Since 2019, massive demonstrations against Iran and its influence broke out in Iraq and Lebanon, followed by internal protests against Iran's totalitarian ideology. Internally, Iranians are demanding the dissolution of the clerical regime. Demonstrations occur daily in Iran with protests over inflation, economic disparities, water shortages, teacher pay, soaring food prices, and unemployment. The government meets these demonstrations with brutal repression, killing hundreds. Physical confrontations lead to arrests, and arrests lead to torture. Torture leads to panicked confessions elicited under extreme duress. The government uses this information to arrest other Iranians in an ongoing dragnet used to preserve the theocracy. Iranian citizens want their own identity, not the transnational community of believers that is the ummah, as Khomeini prefers. Instead of a national identity, Khomeini pushes the doctrine of velayat-e faqih, meaning the supreme guardianship of the Islamic jurist – better known as a system of governance justifying the rule of the clergy over the state. The religious leadership controls all political and religious authority. All Iran's critical decisions run through the supreme leader. The supreme leader governs all organs of Iran. No one has any say over the conduct of the supreme leader. Anything contrary to his word is considered direct disobedience to Allah. Iran rules by way of violence. The supreme leader established a brutal theocracy that has run out of ideas, surviving under the auspices of fascist rule.
Many people in Iran are not allowed to have an education or work because of their religion. Because of their beliefs, even more are jailed or murdered in the streets and prisons. In addition, the regime repeatedly calls ordinary citizens and activists traitors and spies. The National Information Network, better known as the Iranian intranet, filters most internet traffic while interrogating content for anything contrary to revolutionary ideals. The government fears open discussion, the free flow of information, and thought. Soon, the government will pass a law criminalizing the production and distribution of censorship circumvention tools while authorizing more in-depth electronic surveillance. These are the last gasps of a government on the downward slope of its tenure.
In the report, Iranian Influence Operations, dated July 17, 2020, Treadstone 71, we had noticed spikes in Twitter activity surrounding specific hashtags. The primary hashtag targeted Maryam Rajavi. Maryam Rajavi is the leader of the People's Mujahedin of Iran, an organization trying to overthrow the Iranian government, and the President-elect of its National Council of Resistance of Iran (NCRI). July 17, 2020, represented the #FreeIran2020 Global Summit online for the NCRI. The report tracked Twitter and other social media activity surrounding the Global Summit.
The 2022 Global Summit begins this weekend. We noticed increased Iranian social media activity mirroring the same negative type posts against the People’s Mujahedin of Iran leadership. Current postings are likely preparing for new operations using social media to counter any opposition messaging. The most recent posts again reflect the use of antagonizing hashtags including #Maryam_Rajavi_is_terrorist and hashtag used in 2020. Read the new report.
Iranian Influence Operations - July 2020
Treadstone 71 monitors Iranian cyber and influence operations. On July 17, 2020, we noticed spikes in Twitter activity surrounding specific hashtags. The primary hashtag (مريم_رجوي_گه_خورد ) targeted Maryam Rajavi. For example, Maryam Rajavi is the leader of the People's Mujahedin of Iran, an organization trying to overthrow the Iranian government, and the President-elect of its National Council of Resistance of Iran (NCRI). July 17, 2020, represents the #FreeIran2020 Global Summit online for the NCRI. The below report represents our assessment of an Iranian influence operation targeting the July 17, 2020 event.
Treadstone 71 assesses with high confidence that the Iranian government, likely the Ministry of Intelligence and Security (MOIS) using Basiji cyber team members, executed an influence operation targeting the NCRI and the July 17, 2020, online conference.
The intent of the 111,770 tweets likely included:
The MOIS effort is seemingly disjointed but, in fact, is a highly coordinated disinformation campaign. The program involves many fake accounts posting hundreds of tweets during a specific time. The posts use hashtags and direct targeting of political figures to gain maximum attention and, subsequently, more retweets.
Read the report.
Russian Cyber Warfare - Russian Cyber Army surrounding KILLNET and the Xaknet Team. Including infoccenter, beregini, from russia with love
|Treadstone 71 Russian Cyber Warfare Actors and Groups - July 2022-Copyright.pdf.||VAu001475615|
China is also removing negative historical narratives unsuitable to its interests and rooted in old stereotypes. At the same time, China amplifies its achievements as justified, given historical imperial Chinese leadership combined with current global strength. One such industry is the entertainment business and particularly Hollywood. China does not hide its investment strategies, as evidenced by the Belts and Roads initiative. Notice the investments in movies with an influx of production companies and characters all showing China as a hero as part of the movie funding requirements.