In recent days, a purportedly pro-Israeli Telegram channel called “Tears of War” has posted dozens of messages. Interspersed with heartfelt posts pushing for the return of hostages taken as part of the Oct. 7 Hamas assault, a narrative thread is quite clear: The Israeli government is to blame for the ongoing suffering of hostages’ family members, and decisions made by Prime Minister Benjamin Netanyahu, in particular, have sabotaged any chance at a ceasefire.

The narrative builds on broader news Monday that Hamas had agreed to an Egyptian and Qatari proposal for a ceasefire and hostage release, even as the Israeli government said the deal did not go far enough and pressed ahead with a controversial militaryassault in the southern Gaza city of Rafah.

Tears of War is most likely an Iranian-linked persona, exposed months ago by researchers and the Israeli government as a tool used to inflame tensions within Israel.

But this week’s messages, relentlessly hammering the narrative, represent part of the third stage of what Recorded Future’s Insikt Group said Wednesday is a yearslong Iranian-aligned influence operation it tracks as Emerald Divide.

Dating to 2021, the operation is working to “psychologically manipulate Israeli citizens to take real-world actions that exacerbate ideological divisions within Israeli society and undermine the Israeli government,” Sean Minor, senior threat intelligence analyst at Insikt Group, said in a new analysis shared exclusively with CyberScoop.

Emerald Divide can “dynamically shift influence operations” by continually adopting “new and innovative influence tactics and techniques,” Minor wrote, including using digital emailing campaigns hosted on a crowdfunding platform, social media reference landing pages, a geographic web-mapping platform and employing artificial intelligence-generated deepfakes, “likely increasing the ability to reach targeted audiences and drive engagement.”

Minor’s analysis tracks with previous broad observations that Iranian-linked cyber and influence operations were largely reactive in the immediate aftermath of Hamas’ Oct. 7 attack on Israeli targets. But now, seven months into what has turned into a grinding and devastating conflict, various Iranian-linked cyber and influence operations have adjusted and are using the conflict to further their respective goals.

The activity overlaps with operations tracked by Microsoft as Storm-1364. A February analysis from Microsoft’s Threat Intelligence Center highlighted the group’s ability to rapidly adjust on the fly.

“The speed at which Storm-1364 launched this campaign after the October 7 attacks highlights this group’s agility and points to advantages of influence-only campaigns, which may be faster to form because they do not need to wait on cyber activity of a cyber-enabled influence operation,” Microsoft said at the time.

Emerald Divide’s operation can be split into three phases that each have distinct objectives and corresponding narratives, according to Minor. The first phase sought to increase conflict between Israel’s ultra-Orthodox religious groups and the country’s LGBTQ+ community. The second aimed for political unrest by pitting those on the Israeli left versus those on the Israeli right, while the third and current phase sought to sow discontent among Israelis regarding the government response to the Hamas attacks.

Common through all three phases has been an ongoing shift to the messaging platform Telegram, likely in an attempt to avoid asset seizures or takedowns, Minor wrote. Another theme is the consistent use of generative AI, which “likely indicates advanced influence actors have adopted and implemented AI as a routine capability which will likely continue to improve over time with advances in technology as well as applying lessons learned through the repetition of operational employment.”

The group did have “limited” success in getting real people to participate in protests and other actions, Minor noted, which will “likely embolden” the operators who are trying to achieve objectives while obfuscating attribution and staying below the threshold of armed conflict.

“As the Israel-Hamas conflict continues, the campaign will also likely continue taking advantage of dynamic events related to Israel’s domestic political landscape to exploit corresponding psychological vulnerabilities,” Minor concluded. New developments within Israeli society will present opportunities for further Emerald Divide pivots, he said, such as legislative elections slated for October 2026.

The post How an Iranian-linked influence campaign pivoted after Oct. 7 attack on Israel appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

CISA Releases Two Industrial Control Systems Advisories

April 23, 2024 0 Comments 0 tags

CISA released two Industrial Control Systems (ICS) advisories on April 23, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-051-03 Mitsubishi Electric Electrical

Threat Actor Claims Major Europol Data Breach

May 13, 2024 0 Comments 0 tags

A threat actor known as IntelBroker claims to be selling confidential Europol data after a May breach

X.com Automatically Changing Link Text but Not URLs

April 16, 2024 0 Comments 0 tags

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links. The problem is: (1) it changed any domain name that ended with “twitter.com,”