Use Case · Iran & Adversarial AI
Iranian cyber operations are frequently described as less sophisticated than Russian or Chinese counterparts. That framing misses the point entirely. Iran has built a highly effective asymmetric capability — disciplined espionage, deliberate proxy orchestration, expanding OT targeting — not despite its resource constraints, but because of them. And AI is the force multiplier that changes the equation.
Iran's cyber program is not a monolith. It is built around two distinct institutions with different missions, different organizational cultures, and deliberately overlapping operations. The IRGC Cyber-Electronic Command (IRGC-CEC) reports through the IRGC chain directly to the Supreme Leader and prioritizes offensive operations, disruption, and sabotage aligned to military objectives. The Ministry of Intelligence and Security (MOIS) operates with greater independence — historically more technical in its tradecraft — and focuses on long-dwell espionage, signals collection, and sustained access to high-value targets.
Both institutions operate affiliated APT groups. IRGC-linked actors include APT35 (Charming Kitten / TA453), APT42, and CyberAv3ngers. MOIS-linked actors include APT34 (OilRig), MuddyWater, and Agrius. The 2025 National Security Strategy explicitly identifies Iran as a tier-one cyber threat, not because its technical sophistication matches Russia or China across the board, but because its target selection is disciplined, its persistence is high, and it has repeatedly shown a willingness to accept operational risk during periods of geopolitical tension.
What spans both institutions — and is not owned by either — is the information warfare and hacktivist proxy layer. Iranian information operations and hacktivist proxy orchestration are shared capabilities that both IRGC and MOIS leverage depending on the objective. The proxy layer gives Iran plausible deniability for operations that would otherwise carry attribution risk.
Iran has spent years deliberately cultivating hacktivist proxies that conduct state operations while presenting as ideologically motivated independent actors. When CyberAv3ngers claimed responsibility for attacks on U.S. water and wastewater infrastructure in late 2023, it presented as an ideologically motivated hacktivist collective. In February 2024, the U.S. Treasury sanctioned six IRGC-CEC officials for directing the operation. CyberAv3ngers is IRGC-affiliated; the hacktivist presentation is doctrine, not description.
The attribution challenge: Iranian operations are structured to confuse attribution. The proxy layer is not incompetence; it is doctrine. Analysts who cannot see through the proxy layer are making defensive decisions on incomplete intelligence. Determining whether a given operation is IRGC-directed, MOIS-directed, or genuinely independent requires Persian-language sources and institutional context that English-language reporting does not provide.
Iran's sabotage and disruption capability extends beyond OT and ICS targeting, though that remains the most visible dimension. The Unitronics PLC compromises of late 2023, documented in a joint CISA/FBI/NSA advisory, compromised dozens of U.S. water, wastewater, energy, food and beverage, and healthcare systems. No zero-day, no sophisticated exploit: Shodan reconnaissance, default credentials, direct access to controllers exposed to the internet. By April 2026, a further joint advisory confirmed Iranian-affiliated actors actively compromising Rockwell Automation CompactLogix and Micro850 PLCs with the same technique against an expanded target set. CyberAv3ngers, the IRGC-affiliated group behind these campaigns, was documented by OpenAI in October 2024 using ChatGPT for ICS reconnaissance: building Shodan queries, confirming default credentials, and reading up on OT protocols. AI did not give them new capability. It compressed weeks of background research into a single session.
Wiper malware is the other dimension of Iranian sabotage that gets underreported. Agrius, a MOIS-affiliated actor, deployed Apostle disguised as ransomware. In the form first analyzed, Apostle was a wiper with no working recovery path: the goal was data destruction, wrapped in the presentation of financially motivated crime to provide plausible deniability. This mirrors the Shamoon wiper campaigns of 2012, 2016-2017, and 2018, destructive operations designed to maximize operational and psychological impact while blurring attribution. The evolution from overt sabotage to destruction disguised as ransomware is a deliberate doctrinal shift, not a capability limitation.
Cybercrime as a category has emerged as both a revenue stream and a cover mechanism. Nemesis Kitten, part of the APT35 cluster and operated by the private contractors Afkar System and Najee Technology on behalf of the IRGC, ran ransomware and crypto-mining campaigns alongside official intelligence collection, exploiting Log4j vulnerabilities against U.S. public entities. In April 2024, the DOJ and Treasury sanctioned individuals linked to Mahak Rayan Afraz, an IRGC-CEC front company whose operators were running ransomware extortion for personal enrichment using state-provided tools and access. By 2025, Pay2Key had evolved into a professionalized ransomware-as-a-service operation on the I2P network, actively recruiting affiliates, including from Russian cybercrime circles. The boundary between state-directed cyber warfare and opportunistic cybercrime has effectively collapsed, by design on Iran's part.
Iranian use of AI is not theoretical or anticipated. It is documented across multiple intelligence reporting cycles. In October 2024, OpenAI confirmed that CyberAv3ngers accounts had used ChatGPT to conduct ICS reconnaissance — querying Shodan parameters, identifying default credentials, and understanding OT protocols. OpenAI assessed these interactions did not provide capabilities beyond a conventional web search. That framing understates the operational impact. For a group activated in response to a geopolitical event with a specific retaliatory mandate, compressing weeks of background research into a single AI session is operationally significant regardless of whether the AI provided novel intelligence.
Crimson Sandstorm — an IRGC-linked actor — was documented by OpenAI in February 2024 using ChatGPT to generate phishing content, including emails impersonating an international development agency. AI addressed a specific Iranian constraint: English-language fluency convincing enough to pass scrutiny by native speakers. For actors conducting influence operations and targeted phishing against Western targets, AI-assisted writing removes one of the most reliable tells that previously identified Iranian spearphishing campaigns.
STORM-2035, an Iranian threat activity cluster, used ChatGPT to draft articles on the 2024 U.S. presidential election, the war in Gaza, and Israel's participation in the 2024 Olympics, posting them to websites posing as both progressive and conservative news outlets. The group also prompted OpenAI models to learn from existing social media comments and generate new ones in the same style, in English and Spanish, to scale coordinated inauthentic behavior across platforms. A Microsoft report from October 2025 confirmed that Iranian use of AI capabilities for cyberattacks has been steadily increasing and is helping operators improve impersonation, intrusion, and disinformation operations.
The pattern across all three documented uses — ICS reconnaissance, phishing content generation, influence operation scaling — is consistent with Iran's doctrinal approach: use available tools to compress the gap between resource constraints and operational objectives. AI does not give Iranian actors capabilities they previously lacked. It makes existing capabilities faster, more scalable, and harder to detect. For a threat actor already effective at espionage and disciplined in operational patience, that acceleration is a meaningful force multiplier.
What this means for defenders specifically: behavioral detection built at the top of David Bianco's Pyramid of Pain, against what adversaries must do rather than the artifacts they happen to leave, is the defense that survives AI-assisted evasion. MITRE ATLAS catalogs adversary tactics and techniques against AI systems themselves; the AI-assisted reconnaissance, phishing, and influence tradecraft described above is conventional ATT&CK technique executed faster, which is exactly why artifact-based detections age out quickly against it. And validation exercises need to incorporate AI-augmented adversary techniques, because an annual pentest conducted without AI-assisted adversary emulation is not testing against the adversary that actually exists today.
This is the use case that the Doctrine Security framework is built around. Threat landscape analysis produces an adversary profile: IRGC-CEC or MOIS depending on your industry, with the proxy layer as an additional vector. Attack surface mapping identifies internet-exposed assets with default credentials — the Shodan-visible exposure that Iranian actors exploit first. Log intelligence analysis confirms whether you have the telemetry to detect credential exploitation against OT systems. Detection engineering builds against the specific techniques documented in CISA advisories and Treasury sanctions documents. Threat hunting looks for the behavioral precursors of long-dwell espionage — the patient lateral movement that characterizes MOIS-affiliated actors. Human security addresses the social engineering dimension, which AI is now making scalable. And validation tests detection coverage specifically against documented Iranian actor TTPs, not against a generic adversary profile.
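As an added example, not part of this page or of the Doctrine Security framework, here is the kind of detection logic a defender would write for the exposed-PLC pattern described above (Shodan reconnaissance, then direct access to controllers reachable from the internet). It parses constructed firewall log lines and flags two behaviours rather than two artifacts: allowed inbound connections from outside RFC 1918 space to PLC protocol ports, and external sources whose fan-out across OT hosts looks like scanner-driven reconnaissance. The log format, the port-to-protocol mapping (Unitronics PCOM on TCP/20256, EtherNet/IP on TCP/44818, Modbus/TCP on 502), the sample lines and the fan-out threshold are assumptions of this example, not figures taken from the page or the advisories it cites.

```python
"""Flag exposed-PLC access and scanner-style fan-out in firewall logs.

Added example: the ports, the log format and the sample lines below are
constructed for illustration, not taken from the page or the advisories.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed PLC/OT protocol ports (assumption of this example, not from the page).
OT_PORTS = {
    20256: "Unitronics PCOM",
    44818: "EtherNet/IP (Rockwell CIP)",
    502: "Modbus/TCP",
}

# "Internal" is defined explicitly as RFC 1918. Python's ip_address(...).is_private
# also returns True for the documentation ranges (192.0.2.0/24, 198.51.100.0/24,
# 203.0.113.0/24) used in the sample below, so relying on it would hide exactly
# the traffic this detection exists to surface.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Assumed key=value syslog layout for a perimeter firewall.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<fw>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)

# Constructed sample: one public source sweeping four PLCs on the Unitronics
# port, an internal engineering host reaching one of them legitimately, a
# second public source reaching one Rockwell controller, and one denied probe.
SAMPLE_LOGS = """\
2023-11-25T02:11:03Z fw01 action=allow src=203.0.113.7 dst=10.20.1.15 dport=20256 proto=tcp
2023-11-25T02:11:04Z fw01 action=allow src=203.0.113.7 dst=10.20.1.16 dport=20256 proto=tcp
2023-11-25T02:11:05Z fw01 action=allow src=203.0.113.7 dst=10.20.1.17 dport=20256 proto=tcp
2023-11-25T02:11:06Z fw01 action=allow src=203.0.113.7 dst=10.20.1.18 dport=20256 proto=tcp
2023-11-25T02:15:41Z fw01 action=allow src=10.20.5.2 dst=10.20.1.15 dport=20256 proto=tcp
2023-11-25T03:02:09Z fw01 action=allow src=198.51.100.23 dst=10.20.2.40 dport=44818 proto=tcp
2023-11-25T03:10:00Z fw01 action=allow src=198.51.100.23 dst=10.20.9.9 dport=443 proto=tcp
2023-11-25T03:12:00Z fw01 action=deny src=192.0.2.77 dst=10.20.1.15 dport=20256 proto=tcp
"""


def is_internal(addr: str) -> bool:
    """True if addr falls inside RFC 1918 space."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse(log_text: str):
    """Return (events, unparsed_count). Counting unparsed lines is the cheap
    telemetry check: a detection that silently drops half its input is worse
    than no detection, because it reports a clean bill of health."""
    events, unparsed = [], 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            unparsed += 1
            continue
        e = m.groupdict()
        e["dport"] = int(e["dport"])
        events.append(e)
    return events, unparsed


def detect(log_text: str, fanout_threshold: int = 3) -> dict:
    """Two behaviours, not two artifacts:
    - exposed_plc_sessions: allowed connections from outside RFC 1918 to a PLC
      port (access that should never succeed from the internet).
    - scanner_sources: external sources touching >= fanout_threshold distinct OT
      hosts on PLC ports; denied attempts count, because the sweep is the signal."""
    events, unparsed = parse(log_text)
    exposed, fanout = [], defaultdict(set)
    for e in events:
        if e["dport"] not in OT_PORTS or is_internal(e["src"]):
            continue
        fanout[e["src"]].add(e["dst"])
        if e["action"] == "allow":
            exposed.append({
                "ts": e["ts"], "src": e["src"], "dst": e["dst"],
                "dport": e["dport"], "protocol": OT_PORTS[e["dport"]],
            })
    scanners = {src: len(dsts) for src, dsts in fanout.items() if len(dsts) >= fanout_threshold}
    return {"exposed_plc_sessions": exposed, "scanner_sources": scanners, "unparsed": unparsed}


if __name__ == "__main__":
    result = detect(SAMPLE_LOGS)
    for s in result["exposed_plc_sessions"]:
        print(f"EXPOSED  {s['ts']} {s['src']} -> {s['dst']}:{s['dport']} ({s['protocol']})")
    for src, n in result["scanner_sources"].items():
        print(f"SWEEP    {src} touched {n} OT hosts on PLC ports")
    print(f"unparsed lines: {result['unparsed']}")
```

On the sample above the script reports five exposed sessions (four to the Unitronics port from one source, one to the Rockwell port from another) and one sweep source; the internal engineering host on the same port is correctly ignored, and the denied probe contributes only to fan-out. The point of the design is that neither rule depends on which IP the adversary used, which tool generated the traffic, or whether the advisory names the source: a controller accepting sessions from the internet on its engineering protocol is the condition the actor needs, so it is the condition to alert on.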
Understanding Iranian threat actors requires more than reading English-language reports. The doctrine, the institutional relationships, the cultural and political pressures that shape operational decisions — these are visible in Persian-language sources and government statements that most analysts cannot access directly. The gap between what is visible in English and what is actually happening is the gap that native-language intelligence analysis closes.