Full Report
The following is the Persian translation of the key findings from the Citizen Lab report titled We Think You Want a Revolution: PRISONBREAK – An AI-enabled Influence Operation Aimed at Overthrowing the Iranian Regime. Key findings: a coordinated network of more than 50 inauthentic profiles on X, which we refer to as "PRISONBREAK"...
Analysis Summary
# Threat Actor: PRISONBREAK (پریزِنبریک)
## Attribution & Identity
**Identification:** A coordinated network of over 50 inauthentic profiles operating on X (formerly Twitter).
**Attribution Hypothesis:** The available evidence strongly suggests that the operation is being conducted directly by an unspecified entity within the **Israeli government** or by a subcontractor it closely monitors.
**Known Aliases and Associated Groups:** Referred to as "PRISONBREAK" by Citizen Lab. No explicit association with known state-sponsored groups is detailed, but the operation is framed within the geopolitical competition between the Islamic Republic of Iran and its international adversaries.
## Activity Summary
PRISONBREAK is conducting an **AI-enabled influence operation (IO)** aimed at inciting the Iranian public toward revolution against the Islamic Republic of Iran.
* **Timeline:** The network was established in 2023, but nearly all activity commenced in **January 2025** and continues to the present (as of the report date, October 2, 2025).
* **Campaign Coordination:** Activities appear to have been coordinated, in part, with the **Israel Defense Forces (IDF) campaign** against Iranian targets in **June 2025**.
* **Engagement:** While overall genuine engagement with the network’s content seems limited, some posts have achieved tens of thousands of views, likely boosted by placement in large, public X Communities and potential payments for promotion.
## Tactics, Techniques & Procedures
The operation primarily relies on network manipulation and leveraging AI for influence:
* **Inauthentic Coordination:** Use of a coordinated network of over 50 inauthentic, non-human profiles.
* **Influence Operations (IO):** Executing an information warfare campaign aimed at regime change.
* **AI Utilization:** The operation is explicitly described as "AI-enabled" (specific mechanics not detailed in the translated summary).
* **Platform Abuse:** Utilizing X Communities for wider dissemination of content, including paid promotion within these spaces.
* **MITRE ATT&CK IDs:** Not explicitly mentioned in the provided text, but the activities align broadly with **T1592.002 (Information Gathering: Social Media)** and **T1598 (Deception Tactics)** within the Initial Access/Reconnaissance phases, applied to information operations.
## Targeting
* **Sectors:** General political and public opinion targeting within Iran.
* **Geography:** Primarily targeting the **Iranian audience/public**.
* **Victims:** The operation is aimed **against the Islamic Republic of Iran regime**. No specific organizations are named as victims of targeting, but the operation is a counter-influence effort in the ongoing information competition against Iranian state information operations.
## Tools & Infrastructure
* **Malware Families Used:** Not mentioned.
* **Infrastructure:** The operation utilizes **over 50 inauthentic profiles on the X platform**. No specific C2 servers, domains, or IPs were detailed in the summary.
## Implications
PRISONBREAK highlights the increasing strategic importance of controlling and manipulating the information environment in geopolitical competition, particularly between Iran and adversaries like Israel. This operation demonstrates the use of state-backed resources to conduct sophisticated, AI-assisted information influence campaigns designed to foster internal dissent and regime instability in a rival nation, bypassing traditional censorship mechanisms.
## Mitigations
* **Detection of Inauthentic Networks:** Implementing enhanced monitoring/detection mechanisms for large, coordinated networks of suspicious accounts on social media platforms (like X).
* **Countering AI-Generated Content:** Developing methodologies to identify and flag content generated or amplified by adversarial AI influence operations.
* **Platform Hygiene:** Reviewing and mitigating exposure risks associated with large, public X Communities that may be used for paid, clandestine promotion.
* **Situational Awareness:** Maintaining strong awareness of influence operations being waged by geopolitical adversaries targeting domestic stability or international interests.
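
One way to approach the first mitigation, using the pattern noted in the timeline (accounts established in 2023 with nearly all activity starting in January 2025): the added example below groups accounts that stayed dormant for over a year and then began posting in lockstep. It is not code from Citizen Lab or from this page; the account records, function names and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample records (not data from the report): handle -> (created, post times)
ACCOUNTS = {
    "acct_a": (ts("2023-03-02 10:00"), [ts("2025-01-14 18:01"), ts("2025-06-13 07:30")]),
    "acct_b": (ts("2023-03-05 11:00"), [ts("2025-01-14 18:04"), ts("2025-06-13 07:33")]),
    "acct_c": (ts("2023-03-09 09:00"), [ts("2025-01-14 18:07"), ts("2025-06-13 07:36")]),
    "organic_1": (ts("2023-03-04 08:00"), [ts("2023-03-04 09:00"), ts("2025-01-14 18:05")]),
    "organic_2": (ts("2024-12-20 08:00"), [ts("2025-01-20 12:00")]),
}

# Thresholds below are illustrative assumptions, not values from the report.
def dormant_cohorts(accounts, min_dormancy_days=365, min_size=3):
    """Group accounts by (creation month, first-post month) when the gap
    between creation and first post is at least min_dormancy_days."""
    cohorts = defaultdict(list)
    for handle, (created, posts) in accounts.items():
        if not posts:
            continue
        first = min(posts)
        if (first - created).days >= min_dormancy_days:
            cohorts[(created.strftime("%Y-%m"), first.strftime("%Y-%m"))].append(handle)
    return {k: sorted(v) for k, v in cohorts.items() if len(v) >= min_size}

def sync_ratio(handle, cohort, accounts, window=timedelta(minutes=10)):
    """Fraction of an account's posts that land within `window` of a post
    by another member of the same cohort."""
    others = [t for h in cohort if h != handle for t in accounts[h][1]]
    posts = accounts[handle][1]
    hits = sum(any(abs(p - o) <= window for o in others) for p in posts)
    return hits / len(posts)

def flag_coordinated(accounts, min_sync=0.8):
    """Return cohorts in which every member posts in lockstep with the others."""
    flagged = {}
    for key, members in dormant_cohorts(accounts).items():
        ratios = {h: sync_ratio(h, members, accounts) for h in members}
        if min(ratios.values()) >= min_sync:
            flagged[key] = ratios
    return flagged

if __name__ == "__main__":
    for (created, activated), ratios in flag_coordinated(ACCOUNTS).items():
        print(f"created {created}, first active {activated}: {ratios}")
```

A flagged cohort is a lead for manual review, not proof of inauthenticity: genuine users also return to old accounts during major news events, so the dormancy and timing signals should be combined with content and profile analysis.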