I Ran So Far
Welcome to Memetic Warfare. This week we’ll look at Iran, and I’ll take that opportunity to remind you of SNL’s best video on the topic, especially considering that Ahmadinejad has been in the news as of late.
Moving on, I came across an interesting post from Ahmad Batebi, an Iranian dissident.
Batebi was targeted by a phishing operation meant to take over his Telegram account, presumably because he’s involved in running a prominent channel:
Batebi added that he was sent AI-generated audio files to mimic the voice of someon else, and then he was sent a link to a “private Telegram group”. He noticed that the domain used “teiegram” instead of “telegram”, which looks similar in lower case as sent.
This is visible in the video he uploaded, as he recorded the entire interaction:
Checking out that domain finds some relevant subdomains - including other methods used, such as Microsoft Teams:
I’ll save everyone the trouble, but avoiding the Cloudflare IPs (104 and 172, and Google on 108), we can find some VPSes used by the operation, including from UltaHost and OVH.
OVH is less commonly used by Iranian actors, but UltaHost is frequently used by Iranians. Both used Russian domain name registration services also, which is quite common.
Moving on to other things Iranian, an Iranian hacker was arrested recently in Montenegro at the request of the FBI.
Kim Zetter has the best coverage of this IMO, tying it to a 2018 indictment of IRGC-linked cyber operators.
This will be an interesting one to keep an eye on for when any indictments or other documents come out.
I’ll conclude with a recommendation - check out Cognitive Warfare from Japan below. Kazuki is putting out great stuff already and worth of your follow.
That’s it for this week, thanks for reading.










