Full Report
The United States and Israel have made battlefield gains in their conflict against Iran, but the United States is struggling to counter Iranian propaganda. Operational successes have removed Iran’s authoritarian supreme leader, dismantled its defense leadership apparatus, and degraded its missile capabilities. However, the opportunity cost of military success for the United States is the loss of ground in the information…
Analysis Summary
# Threat Actor: Iranian Information Operations (Multiple Linked Groups)
## Attribution & Identity
* **Actor Identification:** State-sponsored actors linked to the Iranian regime’s "disinformation machine."
* **Aliases/Associated Groups:** Mentioned associations with wider Iranian cyber operations that accelerate during kinetic conflicts (e.g., following the October 7 attacks and the 2025 U.S.-Israeli strikes).
* **Known Associations:** Linked to networks previously disrupted by Meta (Facebook/Instagram) and Microsoft for influence operations.
## Activity Summary
* **Bluesky Campaign (2026):** Identification of 19 core accounts spreading Iranian war narratives on the Bluesky Social platform. The operation utilizes a multi-platform approach to exacerbate public divisions in the West regarding "forever wars."
* **Post-Strike Narratives (2025):** Following U.S.-Israeli strikes on nuclear facilities, Iranian accounts generated over 126,000 engagements and an estimated 224 million views to manipulate public perception.
* **Anti-Israel Operations:** Historic and ongoing campaigns targeting Israel, Hamas-related conflicts, and high-profile political figures like Benjamin Netanyahu.
## Tactics, Techniques & Procedures
* **Narrative Manipulation:** Crafting messages specifically designed to exacerbate existing domestic political and social divisions in Western countries.
* **Content Recycling:** Reusing old footage and falsely presenting it as current events (e.g., mislabeling old clips as new Israeli attacks).
* **Network Saturation:** Deploying core accounts across multiple digital "communities" (15 identified in the Bluesky dataset) to ensure narratives dominate specific niche audiences.
* **Targeted Influence:** High-performance posting strategies where "divisive" content achieves significantly higher repost and engagement rates (41% increase) than standard posts.
* **Social Engineering:** Tapping into specific cultural sentiments, such as the American "distaste for forever wars," to undermine support for military objectives.
## Targeting
* **Sectors:** Information environment, government policy, and public opinion.
* **Geography:** United States, Israel, and Western audiences more broadly.
* **Victims:** Users of social media platforms (specifically Bluesky, Meta, and X), American voters, and Western political institutions.
## Tools & Infrastructure
* **Malware:** The article mentions **ABCDoor** malware (deployed via tax-themed phishing) in a related brief, though not explicitly tied to the Bluesky narrative campaign.
* **Platforms:** Bluesky Social, Meta-owned platforms (defanged: facebook[.]com, instagram[.]com).
* **Network Infrastructure:** 19 core "seed" accounts used to distribute propaganda across 15 distinct online communities.
## Implications
Despite significant military (kinetic) losses—including the removal of Iranian leadership and degradation of missile sites—Iran remains a potent threat in the "Information War." The strategic assessment suggests that Iran is effectively using disinformation as an asymmetric response to military defeat. This creates a risk of eroding domestic political support for Western military operations and deepening social polarization within the U.S.
## Mitigations
* **Platform Monitoring:** Enhanced detection for coordinated inauthentic behavior (CIB) on emerging social media platforms like Bluesky.
* **Public Awareness:** Educational campaigns to inform Western audiences about "recycled footage" and common Iranian propaganda tropes regarding "forever wars."
* **Network Analysis:** Utilizing "Futures Lab-style" association analysis to identify and deplatform core accounts that anchor disinformation communities.
* **Counter-Messaging:** Developing more effective U.S. and allied strategic communications to fill the information vacuum that Iranian actors currently exploit.