Iranian cyber attacks broad enough to target every Israeli, official says

Street concerts, outdoor festivals, late-night parties and music events have become increasingly visible in Tehran and beyond. Young people, many without the headscarves which are required for women, have filled pop and jazz concerts while street bands draw large crowds on central boulevards.

“This has nothing to do with the government,” Memarian said. “It is a very massive force underneath the society, and they are opening pathways that my generation was not able to even touch.”

Images and reports from across the country show men and women running together in a desert marathon in Kerman, while on Kish Island in the Persian Gulf the organizers of a separate marathon were arrested after women ran without hijabs.

• 

  Kish Marathon: hijab controversy or political score-settling?

Local media said more than 5,000 people took part in the Kish race, and photographs of female runners posing with medals and uncovered hair circulated widely online. Judicial officials accused organizers of “violating public decency” and said warnings about the dress code had been ignored.

The apparent cultural opening has been tolerated by authorities in its bid to shore up popular support in the wake of the punishing conflict with Israel and the United States, even as they have stepped up arrests and executions.

Memarian said the opening is not sudden. For years, multiple demographics “have been pushing inch by inch,” and many have paid a price. But two events accelerated it: the death of Mahsa Amini in morality police custody in 2022, which triggered nationwide protests and the twelve-day war between Iran and Israel earlier this year.

In June, Israel launched a surprise military campaign on Iranian nuclear facilities, missile production sites, killing nuclear scientists along with hundreds of military personnel and civilians.

Iran retaliated with waves of drones and ballistic missiles, prompting a week of exchanges. The United States then intervened directly, striking three Iranian nuclear sites at Fordow, Isfahan and Natanz with bunker-busting bombs.

Many Iranians spent nights sheltering in parking garages and stairwells. The government urged calm and vowed that its defenses had “full control,” yet many ordinary people said they felt unprotected.

“People were left alone. They saw the regime could not protect them. That created a huge vacuum and emboldened many Iranians,” Memarian said.

He emphasized that the changes are not limited to affluent parts of Tehran.

“It is a very widespread movement. From Tehran to small cities and villages, people are voicing their demands, imposing their lifestyle on the system.” Social media has erased the geographic divide, he added, allowing young people in remote areas to follow the same trends as their peers in urban centers.

“We have a massive explosion of expectations inside the country,” he said. “They are not going to let the government write their destiny. There’s no going back.”

Despite ongoing arrests and a rise in executions, officials have responded cautiously. The judiciary chief recently said the current relaxed approach to hijab enforcement “cannot continue,” and conservative voices have warned that “the Islamic revolution will soon disappear” if the trend continues.

Memarian said the state’s enforcement network sees the social shift as existential. “Those who favor repression are part of a massive, expensive machine,” he said. “Their identity, paycheck and power come from it. If they lose this, it’s over.” Some insiders, he added, now believe they cannot win. “They fear this is the beginning of the end. The domino has started to fall.”

Iran’s economy remains under strain, with sanctions, inflation, water shortages and energy problems. Yet Memarian said young Iranians remain focused on building their future ... one where the "Islamic Republic is something from the past.”

While the presumed murder of Mohammad Hossein Tajik had been previously reported by Iranian dissidents, details published by the magazine's reporter Shane Harris with whom he corresponded provide new information about his motives and actions.

Harris wrote that he first made contact with Tajik after an Iranian hacker group called Parastoo posted its email address on a message board inviting people to make contact.

It had previously posted details about how a stealth US drone flying over Afghanistan had been commandeered and seized by Iran in December 2011.

The report cited Tajik as saying that his father, who goes by the honorific title Hajji Vali, had been a veteran agent of Tehran's security apparatus after storming the headquarters of the Shah's secret police amid the 1979 Islamic Revolution.

His family ties and facility with math and computers earned him a position at the intelligence ministry at age 18 and Tajik reportedly said he eventually came to lead an elite cyber-warfare unit.

Cyberattacks

Harris said Tajik told him Iran focused its operations on Israel and Saudi Arabia, adding that he had played a role in a 2012 cyberattack on the Saudi state oil company Aramco in which information was wiped from three-quarters of its office computers.

Tehran, Tajik said, had shared techniques with Russia's GRU intelligence service and had attacked the electrical grid of NATO member Turkey in 2015.

Iran had also played a secret role, he went on to allege, in a February 2016 attack on the central bank of Bangladesh in which $81 million was stolen, for which the United States later indicted three North Korean hackers.

Tajik alleged that Tehran had instructed its Lebanese ally Hezbollah on how to penetrate the SWIFT international banking network and the group had passed the information on to Pyongyang in exchange for missiles.

Torture, death

For reasons which remain unclear, Tajik began collaborating with the CIA around times in which the agency scored major intelligence success against Iran and its allies, Harris reported.

His relationship coincided with the assassination of veteran Hezbollah military chief Imad Mughniyeh in Damascus in a joint US-Israeli operation in February 2008 and the discovery of Iran's secret underground uranium enrichment facility Fordow in September 2009.

Tajik did not take credit for either, Harris reported. Fordow was among three Iranian nuclear sites bombed by the United States on June 22.

The CIA, Tajik told Harris, had declined to work with him further but had said it would extract him from the country should he wish. But Tajik said he either wanted to rekindle his relationship with the agency or he would expose their secrets on Iran.

Tajik expressed strong dissatisfaction with Iran's ruling system in their conversations.

US intelligence ultimately severed the relationship. "The CIA had cut ties because the risk of working with him became greater than the value of his information," Harris wrote. "My sources told me he didn’t follow instructions. One day he’d be clearheaded; the next he’d be acting paranoid, imagining conspiracies."

"Some officers wondered if he was taking drugs that impaired his judgment. It’s a handler’s job to manage sources," he added. "And Mohammad, one US official told me, had become 'unmanageable.'"

Tajik had departed from the agency's protocols by using a personal phone to take pictures of communications on his CIA-issued laptop. Authorities arrested him and by September 2013 he was transferred to Tehran's Evin Prison where he was tortured by having boiling water poured on his penis and being forced to lie in a grave-like hole.

“Being still a double—turning into a triple and later to a nothing/everything/ticking-bomb," the report quoted Tajik as confiding, in a possible indication that his bid to get reconnected to the CIA via the journalist was forced by his interrogators as a condition of his freedom.

Harris reported that Tajik had introduced him a month before his death to Ruhollah Zam, an Iranian dissident journalist living in Paris. Zam told him that Tajik was murdered on July 5, 2016, in his home by his father in a move to preserve family honor as his son was preparing to leave the country.

His death records on Tehran's Behesht-e Zahra cemetery website says he died on July 7.

According to the Atlantic report, Tajik received no autopsy nor did his death certificate list a cause of death.

Friends cited by Harris said he had become addicted to painkillers after his torture, but that the cause of his death was never confirmed. He was 35 years old when he was murdered.

Zam was lured to Iraq with the promise of an interview with a senior cleric only to be abducted by Iranian agents and hanged in Tehran in 2020.

In a statement on Tuesday, the embassy said “unscrupulous individuals” had been spreading fake letters online, offering Iranian men aged 18 to 45 contracts “to serve with the Armed Forces of the Russian Federation in the area of the special military operation.”

“The embassy officially declares that this letter and any similar document are forgeries of a criminal nature,” the statement said. “Neither the embassy nor any official Russian institution has any connection with them.”

The denial followed a report by the Tehran-based outlet Rouydad24, which said that leaflets distributed near the Russian Embassy in Tehran invited Iranian men to join the Russian army with promises of dollar payments and contracts “directly under the Ministry of Defense of the Russian Federation.”

The flyers, seen around College Square, targeted men aged 18 to 45 and offered starting bonuses of $15,000 to $18,000 and monthly salaries of $2,500 to $2,800, along with free housing, medical care, and military uniforms.

Rouydad24 said the leaflets directed readers to a Telegram channel that had published multilingual posts in Persian, Russian, Arabic, and English, describing the campaign as a “state-supported initiative.”

One video shared by the channel appeared to show a man in a Russian military uniform introducing himself in Persian as “Mohammadian Khatibi, from Iran.”

The Iranian report compared the flyers to similar alleged recruitment efforts in India, Nepal, Sri Lanka and several African countries, which foreign media have described as part of Moscow’s drive to attract foreign fighters amid heavy losses in Ukraine.

While the embassy has now categorically denied any such activity in Iran, Rouydad24 noted that the case underscores the vulnerability of economically distressed Iranians to online recruitment scams offering large foreign payouts.

Nima Ashrafzadeh is CEO of Iranian e-commerce platform Pindo, a subsidiary of Iran's top online retailer Digikala.

The internal celebration at Pindo last December was reportedly deemed by authorities to have violated public morality codes because men and women attended together and some women appeared unveiled, according to Tehran-based tech outlet Digiato.

Yalda Night, an ancient Persian festival marking the year’s longest night, is traditionally celebrated in Iran with gatherings of family and friends, poetry readings, and fruit such as pomegranates and watermelon.

Digikala co-founder Hamid Mohammadi confirmed the sentence on the social platform X, saying the verdict had become final. He called it “unbelievable” and said it sends a “discouraging message” to those working in Iran’s digital economy.

“A few weeks ago, leaders of the digital economy were invited to meetings with the president and the heads of all three branches of government, where we heard promises of support,” Mohammadi wrote on Tuesday. “Today, the CEO of Pindo has been sentenced to 74 lashes, and the company’s license has been revoked.”

Mohammadi described the punishment as evidence of “a deep gap between official words and action,” saying it reflects growing uncertainty for Iran’s private sector and tech entrepreneurs.

Part of broader hijab crackdown

The case comes amid a renewed campaign by Iranian authorities to enforce mandatory hijab laws in both public and private settings. Earlier this month, judiciary chief Gholamhossein Mohseni Ejei said “the current situation cannot continue,” announcing new coordination between police, prosecutors, and regulators to address what he called “social disorders” linked to hijab violations.

Ejei said intelligence agencies had been ordered to identify “organized promoters of improper hijab,” and warned that restaurants, cafés, and companies could face permanent closure if violations occurred on their premises. Government institutions, he added, would also be held responsible for “unlawful behavior” at official events.

The judiciary statement followed a letter from 155 lawmakers urging tougher enforcement, accusing the courts of passivity toward noncompliance and demanding “consistent application of existing regulations.”

Despite these pressures, many women in major Iranian cities continue to appear unveiled in public spaces, and videos circulating online show mixed gatherings, music, and casual dress — a sign of ongoing defiance amid an intensifying state crackdown.

Deputy Foreign Minister Majid Takht-Ravanchi headed the Iranian delegation. A preparatory session with diplomats and experts from the three countries was held on Monday, according to ISNA.

The meeting reviewed progress in implementing the Beijing accord, which restored diplomatic relations between Tehran and Riyadh after a seven-year rift and set out commitments to reopen embassies and expand political and economic ties.

According to China’s foreign ministry, the three sides called for an immediate halt to Israeli actions against Palestine, Lebanon, and Syria, and condemned violations of Iran’s national sovereignty and territorial integrity. The statement also said the parties look forward to expanding cooperation in various fields, including economics and politics.

The previous rounds of the trilateral committee were held in Beijing and Riyadh, where the sides reaffirmed respect for sovereignty and non-interference and welcomed China’s continued mediation to support regional dialogue.

Regional visits to Tehran

The Tehran meeting followed a flurry of recent diplomatic activity involving Iran and its regional neighbors. Last month, senior officials from Turkey and Saudi Arabia also visited Tehran for high-level talks widely seen as efforts to manage regional tensions through dialogue.

At the same time, new reports shed light on broader diplomatic exchanges behind the scenes.

According to an exclusive report by Iran International, the Trump administration responded to a message from Iranian President Masoud Pezeshkian, conveyed through Saudi Crown Prince Mohammed bin Salman, by reaffirming its three preconditions for any talks with Tehran: a halt to uranium enrichment, an end to Iran’s support for regional armed groups, and restrictions on its ballistic missile program.

Reuters earlier reported that Pezeshkian’s letter to the crown prince, sent before his late-November visit to Washington, said Iran “does not seek confrontation” and remains open to diplomacy if its rights are guaranteed.

During that trip, US President Donald Trump said he was “open” to a new deal with Tehran, while Mohammed bin Salman pledged to “do our best to help reach a deal between America and Iran.”

Supreme Leader Ali Khamenei later dismissed reports of Iranian outreach via Riyadh as “pure lies,” though it remains unclear whether he was briefed on the exchange or if Tehran chose to deny it after the US response.