Iran launched an operation against the West this month, but not by menacing an oil tanker or targeting a U.S. drone.
In a social media gambit, the regime tried to stoke confusion. It stole the identity of a French diplomat in Jerusalem and had him tweet that Maryam Rajavi, head of the biggest Iranian dissident group, had visited archenemy Israel to set anti-Iran strategy.
Overall, Iran practices two-front cyberwarfare — hacking and trolling — just like U.S. adversaries Russia and China. In recent months, Tehran has stepped up attacks on U.S. computer networks to steal information and disable networks, officials say.
The cyberwarfare operations were launched as Iran is being boxed in by the Trump administration and its renewed economic sanctions.
Meanwhile, the National Council of Resistance of Iran, Ms. Rajavi’s group, held its annual “Free Iran” conference earlier this month in Albania, its home base. The group and its affiliated People’s Mujahedeen of Iran (MEK) are Iran’s most dangerous internal threats.
The ruling mullahs in Tehran often vow to destroy Israel. They calculate that a trending fake tweet will divert a resistive public’s attention away from Iran’s underperforming economy while undercutting the resistance’s appeal.
“Inside of Iran, the most senior officials of the regime keep publicly warning on the surge in the youth support for the MEK and the activities of the MEK resistance units,” Shahin Gobadi, an MEK spokesman, told The Washington Times.
“The need of the regime to resort to such a ploy could be better realized in the context of the regime’s overall state of affairs,” Mr. Gobadi said. “It is facing an explosive society, a crumbling economy and growing international isolation. In this situation, the mullahs’ only solution is resorting to stepping up suppression, more arrests, more terrorism abroad and intensifying the disinformation campaign against the resistance.”
The Twitter caper began July 23, when Fars News Agency, a mouthpiece of the Islamic Revolutionary Guard Corps, reported that Pierre Cochard, the French consul in Jerusalem, sent five tweets claiming Ms. Rajavi had visited Israel.
Within hours, Iranian operatives in Europe were retweeting the supposed Cochard posts.
The council sprang into action. Ms. Rajavi sent three quick tweets, employing one of President Trump’s favorite labels.
“Lies by IRGC News Agency regarding my illusionary visit to Israel shows regime’s desperation and need for fake news against Iranian resistance,” she tweeted.
The French Foreign Ministry also issued a statement denying the tweet. It said Mr. Cochard communicates only through official consulate accounts.
The Fars story said Trump legal counsel Rudolph W. Giuliani, an MEK supporter and conference attendee, arranged the Rajavi trip to Israel in which she supposedly discussed anti-Iran strategy.
That story was followed by the Mehr News Agency, a multilingual news site in Tehran tied to the ruling mullahs and Iranian Supreme Leader Ayatollah Ali Khamenei.
“According to tweets of the French consul general for Alquds (Jerusalem) Pierre Cochard, the Ring leader of the terrorist Mujahedin Khalq Organization (MKO) Maryam Rajavi has traveled to Tel Aviv to negotiate anti-Iranian measures with the Israeli regime’s PM Benjamin Netanyahu,” Mehr reported.
Michael Rubin, who monitors Iran from his post at the American Enterprise Institute, told The Times he analyzes the Cochard affair this way: “This probably is regime propaganda. The irony is they needn’t bother. First, most Iranians despise Rajavi for very real reasons and, second, most ordinary Iranians have no animus toward Israel. Iranians just want to rejoin the rest of the world, and it’s the regime’s ideological hatred toward Israel that prevents them from doing so. Ayatollah Khomeini [the Islamic republic’s 1979 founder] hated Jews, but 40 years of regime propaganda hasn’t convinced the rest of the country that they need to follow his lead.”
The cybersecurity firm CrowdStrike has been warning through press interviews that Tehran has ramped up its attempted attacks on U.S. government sites. The Iran-linked hackers rely on traditional phishing operations to coax computer users into opening a malware attachment.
In June, the Department of Homeland Security issued a special statement aimed at Iran. The warning came from Christopher C. Krebs, director of the department’s Cybersecurity and Infrastructure Security Agency.
“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” Mr. Krebs said.
“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear-phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”