The Islamic Revolutionary Guard Corps (IRGC) has developed a sophisticated cyber warfare strategy to monitor, censor, and repress dissidents within Iran and beyond its borders. Through online surveillance, digital censorship, hacking operations, and cyber propaganda, the IRGC systematically controls the flow of information, suppresses opposition voices, and manipulates public perception. This report examines how the IRGC’s cyber operations function, the impact on activists and journalists, and how Iranian dissidents and the global community can counter this growing digital threat.
1. The IRGC’s Cyber Warfare Strategy
A. Goals of the IRGC’s Cyber Operations
The IRGC’s cyber warfare efforts are designed to:
1. Monitor and track dissidents inside and outside Iran.
2. Suppress free speech through online censorship and content filtering.
3. Hack and disrupt opposition groups, both domestic and foreign.
4. Spread misinformation and propaganda to manipulate public perception.
5. Strengthen the regime’s control over digital infrastructure.
B. The Role of the IRGC’s Cyber Units
• The IRGC operates several elite cyber warfare divisions, including the Iranian Cyber Army and the Basij Cyber Council, which are responsible for online espionage, hacking, and digital suppression.
• These units work with government agencies, including Iran’s Ministry of Intelligence and Security (MOIS), to target activists, journalists, and opposition groups.
2. Online Surveillance: Spying on Iranian Activists and Citizens
One of the IRGC’s primary tactics is extensive digital surveillance, which helps track activists, journalists, students, and human rights defenders.
A. Internet Monitoring and Data Collection
• The IRGC monitors online activity using deep packet inspection (DPI) technology, which allows them to intercept and analyze internet traffic.
• Social media platforms such as Twitter, Instagram, and Telegram are heavily monitored, with authorities tracking users critical of the government.
• The regime uses fake social media profiles to infiltrate activist groups, gather information, and identify dissidents.
B. Hacking and Phishing Attacks
• The IRGC frequently conducts phishing attacks to steal login credentials and gain access to activists’ emails, social media, and messaging apps.
• Iranian security agencies often use spear-phishing emails disguised as human rights organizations, tricking activists into revealing sensitive information.
• Several high-profile hacking campaigns have targeted exiled Iranian journalists, opposition figures, and Western policymakers.
C. Targeting Iranian Diaspora and Foreign Journalists
• The IRGC extends its surveillance beyond Iran’s borders, targeting diaspora activists in the U.S., Canada, and Europe.
• Many Iranian dissidents living abroad have reported cyber harassment, threats, and hacking attempts orchestrated by IRGC-linked cyber units.
3. Digital Censorship: How the IRGC Controls Online Information
The IRGC enforces strict digital censorship policies, ensuring that independent media and opposition voices remain suppressed.
A. Internet Censorship and Content Filtering
• The Iranian regime operates the National Information Network (NIN), a state-controlled intranet designed to replace global internet access.
• Thousands of websites, including news agencies, human rights organizations, and social media platforms, are blocked.
• Iran ranks among the top three worst internet censors globally, with China and North Korea as its closest comparisons.
B. Social Media Restrictions and Bans
• Facebook, Twitter, Telegram, and YouTube are banned, forcing Iranians to use VPNs and proxy servers.
• Instagram and WhatsApp, two of the most widely used platforms in Iran, are regularly restricted during protests.
• Despite banning these platforms, the Iranian regime actively uses social media to spread pro-government propaganda.
C. Internet Shutdowns During Protests
• The IRGC frequently shuts down the internet during major protests, preventing activists from sharing videos and coordinating resistance.
• Notable nationwide blackouts occurred during:
• The 2019 fuel price protests, where over 1,500 people were killed by security forces.
• The 2022 Women, Life, Freedom protests, after the killing of Mahsa Amini by morality police.
• These shutdowns severely impact communications, isolating protesters from international support.
4. Cyber Attacks: Disrupting Opposition and Foreign Entities
A. Attacks on Opposition Websites and Media Outlets
• The IRGC’s hacker groups frequently attack independent news platforms such as Iran International, BBC Persian, and Radio Farda.
• Cyberattacks include DDoS attacks, website defacements, and hacking attempts aimed at shutting down critical voices.
B. Cyber Warfare Against Foreign Governments and Businesses
• The IRGC has conducted cyber operations targeting:
• U.S. and European government agencies involved in Iran policy.
• Saudi and Israeli infrastructure, including oil facilities and military institutions.
• Western financial institutions, attempting to disrupt economic sanctions enforcement.
C. Use of Ransomware and Cyber Extortion
• The IRGC has engaged in cyber extortion, hacking private companies and demanding ransom payments in cryptocurrency.
• Cybercriminals linked to the IRGC have targeted hospitals, banks, and energy companies, stealing sensitive data.
5. Spreading Propaganda and Disinformation
The IRGC manipulates public perception through coordinated disinformation campaigns.
A. Pro-Regime Troll Farms
• Thousands of government-backed social media accounts flood platforms with misinformation, portraying the IRGC as a defender of Iran’s sovereignty.
• State-controlled accounts attack activists, journalists, and political opposition figures online.
B. Fake News and Manipulated Narratives
• The regime fabricates stories about opposition leaders, labeling them as Western spies, terrorists, or traitors.
• IRGC-controlled media outlets exaggerate Iran’s military power, promoting nationalistic and anti-Western rhetoric.
C. Psychological Warfare
• The IRGC uses fear tactics to suppress dissent, including:
• Leaking private information of activists.
• Fake arrest warrants and threats against families of dissidents.
• Televised forced confessions of arrested protesters.
6. Global Responses to IRGC Cyber Warfare
A. Sanctions on Iranian Cyber Units
• The U.S. Treasury Department has sanctioned IRGC cyber divisions, including groups responsible for hacking and surveillance.
• The European Union and Canada have imposed similar restrictions, limiting Iran’s access to cyber technology.
B. Cyber Defense Strategies
• Western governments are working with cybersecurity experts to strengthen digital defenses against Iranian cyber threats.
• Tech companies are providing VPN access and secure communication tools to Iranian activists.
C. Support for Internet Freedom in Iran
• The United Nations and human rights organizations have condemned Iran’s internet shutdowns and censorship.
• Global initiatives support satellite internet technology, helping Iranians bypass regime-controlled networks.
7. Countering IRGC Cyber Threats: What Can Be Done?
A. Strengthening Cybersecurity for Activists
• Activists must use encrypted messaging apps like Signal and ProtonMail.
• Digital security training should be expanded to help Iranians protect their online identities.
B. Expanding Access to Uncensored Information
• Governments should invest in VPN technology and alternative internet access, such as satellite internet.
• Supporting independent Persian-language news agencies will help counter state-controlled propaganda.
C. Holding the IRGC Accountable
• International organizations must pressure Iran to end cyber surveillance and internet censorship.
• Sanctions enforcement must be strengthened to disrupt Iran’s ability to acquire surveillance technology.
Conclusion
The IRGC’s cyber warfare tactics have made it one of the most dangerous digital threats to free speech, activism, and global security. Through spying, censorship, cyberattacks, and disinformation, the regime seeks to control narratives and suppress dissent. However, global efforts, cyber defense strategies, and digital resistance can help counter these threats and support Iranians in their fight for freedom.
Join Our Newsletter!
Stay informed with the latest updates, news, and ways to take action in the fight for justice and global security. Sign up now to get updates delivered straight to your inbox!
