Israel confrontation with Iran is increasingly extending into the realm of information. During the late 2025/ early 2026 mass protests in Iran (mainly driven by severe economic distress) social media platforms, particularly Twitter became arenas where coordinated external messaging and amplification networks leverage organic domestic dissent, actively shaping perceptions of the protests scale and regime stability. Open-source investigations suggest that Israeli-linked actors engaged in Persian-language digital campaigns that amplified protest narratives and encouraged unrest, without conclusive evidence of directing events on the ground. This activity reflects a broader hybrid warfare strategy in which information operations are used to exploit internal crises while avoiding direct military escalation.

Hybrid Warfare and Social Media Influence

Now more than ever being able to influence public perception is paramount. This skill falls within the category of hybrid warfare tools where a great requisite for geopolitical agility and effectiveness consists of achieving strategic goals without full-scale open conflict.  To this extent Social media in particular has become a key battleground of influence: academic and defense studies confirm that platforms like Twitter/X are “widely used … to influence the beliefs and attitudes of target audiences, even mobilize them for action”. States actors are therefore capable of deploying vast numbers of automated or fake accounts that are designed to broadcast propaganda, sow confusion and spread false narratives.

The 2025–26 Iran Protests: Economic Grievances and Spread

On Dec. 28, 2025, a group of shopkeepers in Tehran’s historic Grand Bazaar closed their stalls in anger after the Iranian rial lost nearly half its value over the past year, by late 2025 Iran’s monthly inflation rate was reported above 40%, with Reuters noting a 48.6% increase in October 2025. This mounting economic pressure compounded by the US  full regime sanctions has sparked public outrage. Videos and eyewitnesses (verified by news agencies) showed crowds in places like Azna, Kermanshah, and Zahedan chanting slogans such as “Death to the dictator” and defacing regime symbols By Jan. 2026 the movement had spread to universities and neighborhoods of Tehran, with marketplaces and universities joining in solidarity. Rights groups told Reuters that in the first nine days of this wave, at least 25 protesters were killed in clashes with security forces.

Image Source: BloomBerg

President Masoud Pezeshkian, a reformist figure, immediately acknowledged the public’s plight and promised dialogue, deploying tactical concessions.  To this regard the government response acknowledged the gravity and most importantly the different nature of these protests, which were leaderless and focused on bread-and-butter issues, unlike Iran’s past movements (e.g. 2009 Green protests or 2022-23 “Woman, Life, Freedom” rallies). Given this contingency   of factors, and record of similar Israeli operations, the risk of Israeli foreign interference is highly relevant. Two distinct cases will be analyzed.

Israel’s Social-Media Influence Campaigns

Amid this turmoil, independent researchers have documented a sophisticated Israeli-linked information campaign on social media targeting Iranian audiences. In October 2025, the University of Toronto’s 2 Citizen Lab reported on a network it codenamed “PRISONBREAK,” consisting of roughly 50 inauthentic Twitter/X accounts and related sites. These accounts, many with Farsi/“Persian” persona names and AI-generated profile photos, were pushing anti-regime narratives to Iranians. Citizen Lab’s key findings include:

1.       PRISONBREAK was AI-enabled and coordinated, active since 2023 but ramping up after January 2025

2.       It distributed content encouraging Iranians to revolt against the clerical regime

3.       The campaign synchronized with Israel’s June 2025 military strikes on Iran, even posting content during those attacks

Researchers conclude the network is most consistent with “an unidentified agency of the Israeli government, or a sub-contractor working under its close supervision” In practice, the PRISONBREAK network churned out AI-manipulated text, images, audio and video. During Israel’s June 23 2025, attack on Tehran’s Evin Prison (which houses political detainees), PRISONBREAK accounts immediately began tweeting fake eyewitness reports and videos. Citizen Lab shows that at 12:05p.m. (local time, even as the bombing was still underway, one inauthentic account (KarNiloufar) posted an AI-generated video purportedly showing the blasts at Evin. This deepfake footage was rapidly reshared, briefly fooling several news outlets. Minutes later the network explicitly urged people in Tehran to march to Evin and “free the prisoners”, claiming (falsely) that the area was safe. Although these messages did not spark a real prison breakout, they exemplify how the campaign used real events to push a regime-change narrative in real time. CyberScoop reports that PRISONBREAK “routinely used” AI imagery and video to create sensational posts, for instance, one widely circulated clip (likely AI-altered) showed a line at an ATM suddenly erupting into a riot, overlaid with slogans like “The Islamic Republic has failed!”. Dozens of Telegram groups and other channels tied to the operation echoed similar themes: fake BBC-Persian segments, deepfake officials, and bot-amplified messages praising Reza Pahlavi or calling for protests.

The Handala Leaks and Coordinated Bot Amplification on X

A concrete illustration of this dynamic emerged in early January 2026, when hacker group Handala claimed to have compromised a secure phone belonging to Mehrdad Rahimi, an individual presented by Iranian authorities as a covert Israeli intelligence asset. Handala published what it described as a contact list of more than 600 individuals allegedly linked to Mossad networks inside Iran, framing the leak as proof that foreign intelligence structures were embedded within protest-organizing ecosystems. At the same time, Persian-language accounts attributed to the Mossad on Twitter/X openly encouraged Iranians to “come out to the streets,” messaging that was widely amplified through coordinated reposting and suspected automated accounts.

Implications and Scenarios

The use of social media as a tool of hybrid influence during periods of internal unrest carries significant strategic implications that extend beyond the immediate protest cycle. First of all, there is the need to carry out a risk analysis. To this extent Iran officials have been doing a great job reinforcing the regime’s longstanding narrative that domestic dissent is primarily the product of foreign interference rather than structural governance failures, potentially strengthening hard-line security institutions and legitimizing broader repression. Such dynamics may reduce the political space available to reformist actors and civil society, while increasing the likelihood that future protests are met with faster and more forceful containment.

At the regional level this kind of cyberthreats might be regarded as components of a wider coercive strategy triggering retaliatory responses from Iran proxies. As a result, this type of hybrid campaign entails a great escalation risk that breaks free from the digital world.

Besides these security considerations there is the need to focus on the state of degradation of the information environment and relative ease in shaping this latter. The boundary between organic political mobilization and externally manipulated discourse becomes increasingly opaque, eroding public trust in digital communication and complicating efforts to assess the authenticity and scale of dissent, with broader consequences in terms of international policy priorities and geopolitical equilibrium.

Operations such as PRISONBREAK and the most recent example highlight the emergence of an AI-enabled influence arms race, at this point it is safe to state that social media-driven influence operations are becoming a structural feature of a new contemporary geopolitical competition. A geopolitical competition that, before any other technical adjustments in terms of crisis management tools, requires a a deeply nuanced analytical and policy related ability to navigate complexity across escalation, legitimacy and intervention.

 

 

 

Reply

Avatar

or to participate

Keep Reading

© 2026 The Red Zone is a weekly newsletter offering independent geopolitical analysis on the MENA region: no filters, no propaganda, no flags..
Report abusePrivacy policyTerms of use
beehiivPowered by beehiiv