K-Pop Demon Doxxers
Welcome to Memetic Warfare. This week we’ll take a look at an interesting IO/HUMINT operation run overtly by Iranian actors targeting Israel, part 3 of the “KittenBusters” leaks of an Iranian APT and take a brief look at OpenAI’s latest threat report.
The operation, called “The Iranian Code” in Hebrew, describes its objectives in its about section: “intelligence monitoring”, “security monitoring”, “regional influence”, “professional tracking of the Zionist regime”.
It’s comprised of a few assets - a LinkTree account, Twitter, Telegram and most interestingly, Tox, an encrypted messaging app commonly used by cybercriminals to communicate (reasonably) securely, in this case used to contact potential recruits.
Most of the activity takes place on its Twitter account.
The really interesting part is that it engages in overt IO alongside the above human asset recruitment.
For example, it tries to dox members of an Israeli flight squadron:
It also claims to have been the first to expose details of Israel’s alleged nuclear program:
The Tox part is especially interesting. We’ve seen Iranian actors experiment with blockchain, Telegram, Onion sites and others, but I don’t recall Tox, which is more anonymous/secure than others and is very commonly used in criminal forums online.
From there, we have cases in which the Iranians try to dox Israelis by matching identifying details, such as jewelry and watches, and then putting together content around that:
I also want to examine chapter 3 of the latest “KittenBusters” leaks. The most interesting document (to me, at least) was one from “Afog Media Institute” - an organization I’ll have to look more into, whether it’s separate or just the name for their IO section.
The document describes their operational goals in targeting Israel from a cyber-enabled IO perspective, such as:
Deploying ransomware for “media exploitation”
Use of the Moses Staff front to amplify cyber operations
Promoting the Israeli “Black Flags” protest movement
Launching a recruitment site that would send text messages to Israeli military/government personnel with their personal information to recruit them
Running influence operations in Israel targeting Israel’s “fake identity and fragmented social structure”. Should be on the lookout for anything with titles close to “Zion 24” or Israel and mirrors.
We’ll conclude with what would usually be an opener, OpenAI’s latest threat report. I’ll be honest, I don’t really have much to add here. It’s a bit light, and I truly hope that we aren’t seeing them go the way of Meta or otherwise.
There’s a section that they say probably isn’t Spamouflage but seems to be to me:
It was nice to see uses of ChatGPT for non-IO/cyber purposes:
That’s kind of it for this one, to be honest. Give it a read if you want. Hopefully the next one has more interesting and new stuff.