After a big drop in April, Iran’s conventional military activity is up. Cyber operations never slowed down.
Few countries were hit as hard by the COVID-19 pandemic as Iran, which has seen more than 114,000 confirmed cases. But in recent weeks, open-source intelligence gleaned from Persian- and Arabic-language sources, as well as commercially available location data from mobile devices, suggests that Iranian military activity did not drop off as severely as civilian activity, according to data analytics company Babel Street. Both types of activity picked back up in May, and Iran’s support for offensive cyber operations and proxy forces in Yemen and Iraq didn’t show any signs of waning at all.
Babel Street’s analysis drew on commercial telemetry data, or CTD, gleaned from things like apps that collect users’ locations. They compared the data year-on-year in March, April, and May at facilities in Bushehr and the Strait-of-Hormuz port of Bandar Abbas, including air bases, naval bases, and the Bushehr nuclear facility.
In a report released Thursday and obtained exclusively by Defense One, they found that civilian activity dropped more than 90% during parts of March and April, as measured from data collected at the Tehran Grand Bazaar and elsewhere. Military activity dropped 30% to 50% compared to last year.
“Unlike the example from Tehran Grand Bazaar, activity never appears to have fallen below 25% of 2019 levels, even during peak [COVID-19] countermeasures from 20 March to 17 April,” they write.
Activity rose in the two weeks preceding May 11, they say.
That April drop will likely affect Iran’s military readiness, said Mark R. Quantock, a retired Army major general who is Babel Street’s executive vice president for strategic accounts.
“Any time you reduce significantly military activity, you’re going to have an atrophy of capability...In terms of flight hours, for example, if you don’t have pilots up, consistently, those skills do in fact atrophy,” Quantock said. “I think the thing to watch is…how much longer do these activity levels stay suppressed and then continue to adversely impact—from an Iranian perspective—on their readiness in terms of training and operations.”
The virus hasn’t hurt Iran’s asymmetric capabilities, including offensive cyber-operations aimed at regional and Western adversaries, or reduced its support for proxy forces in Yemen and Iraq, the report said.
Iran’s focus on arming, funding, and inciting proxy forces and conducting cyber attacks allows the regime to pursue specific objectives while protecting the military from detection and from the coronavirus. “Iran’s model for regional influence is tailor-made for a pandemic,” said McDaniel Wicker, Babel Street’s vice president of business development. “We’ve seen increases in cyber activity by [Iran Revolutionary Guard Corps] linked accounts both in Arabic and in Persian, working to get out their messaging, to push some of their proxies toward violence in Iraq.”
The report is based on social media platforms, blogs, web forums, message boards, and other sources in Arabic, Persian, and other languages.
Reuters last week reported Iranian cyber activity aimed at drugmaker Gilead, which is working on a therapeutic for COVID-19.
Quantock and Wicker emphasize that CTD data is best understood in the context of other data, both open source, like blogs and news sites, as well as classified or clandestine data to which the intelligence or military community would have exclusive access.
“The CTD information is just one of the data sources we use to create that picture, that story,” said Quantock.