Iran International, the London-based opposition TV network, was attacked by a state-linked Iranian hacker group, resulting in a massive data breach, with hackers claiming to have extracted information on 71,000 contacts while Iranian authorities celebrated the attack. On 11 July 2025, Amwaj Media reported that the hacking group Handala allegedly accessed Iran International’s servers, internal communications, and contributor data, while Tehran prosecutors warned of legal action against those who work with the channel. The article begins:
The story: Hackers allegedly linked to Iran say they have breached London-based Iran International’s systems and extracted data on 71,000 contacts. Iranian state media have hailed the operation against the TV network, which authorities denounce as a propaganda vehicle for Israel’s Mossad spy agency. Meanwhile, prosecutors in Tehran have warned of legal action against those who work with the channel. The incident coincides with heightened scrutiny of alleged foreign infiltration in the aftermath of Israel’s recent attack on Iran. The coverage: Iranian media on July 8 reported that a hacking group known as Handala had “fully hacked” Iran International—allegedly accessing servers, internal communications and contributor data.
Key Points
- Handala hacking group claimed to extract data on 71,000 contacts from Iran International’s systems, specifically targeting journalist Mojtaba Pourmohsen with Mossad allegations
- Iranian hardline media celebrated the breach as a “precise strike” against a “network supporting Israel” and called for punishment of alleged collaborators
- Iran International confirmed the breach but linked it to prior cyberattacks by “Banished Kitten,” which the network ties to Iran’s Intelligence Ministry
- Tehran prosecutor Ali Salehi warned of legal action against network collaborators while conservative outlets demanded executions similar to the 1988 mass prisoner killings
Iran’s Cyber Hacking Operations: Global Influence and Digital Warfare
Iranian cyber operations have emerged as a multifaceted tool for geopolitical influence, combining state-backed hacking groups, AI-driven disinformation campaigns, and covert networks to destabilize adversaries and shape global narratives. Recent intelligence reports highlight rising threats against UK dissidents and journalists, while covert networks in Europe exploit academic and cultural partnerships to advance Tehran’s ideological agenda. Iranian actors have pioneered AI-generated propaganda on platforms like TikTok, fabricating military imagery and amplifying anti-Israeli sentiment across multilingual audiences.
These efforts align with the activities of groups like Charming Kitten (APT35), which employs advanced phishing campaigns to compromise activists and policymakers, and Elfin (APT33), known for critical infrastructure attacks in energy and aviation sectors. Analysts warn that as Iran faces increased military and economic constraints, it is likely to intensify its reliance on cyber operations and proxy actors to project power, a pattern consistent with broader trends in asymmetric warfare. Recent advisories from Western cybersecurity agencies highlight the escalation of these threats and the growing sophistication of Iranian tactics, particularly in targeting critical infrastructure and leveraging AI-driven disinformation.
External References:
Disclaimer
The Global Influence Operations Report (GIOR) employs AI throughout the posting process, including generating summaries of news items, the introduction, key points, and often the “context” section. We recommend verifying all information before use. Additionally, images are AI-generated and intended solely for illustrative purposes. While they represent the events or individuals discussed, they should not be interpreted as real-world photography.
PREVIOUS POST