An Iranian cyber operation infiltrated diplomatic networks in the Middle East, targeting ceasefire negotiations in Cairo and compromising sensitive international communications, Israeli cybersecurity firm Dream revealed on Friday.
The company, which specializes in artificial intelligence-based protection for national infrastructure and government entities, uncovered a sophisticated campaign that originated in Iran and reached high-level diplomatic processes.
As part of the operation, the attackers reportedly gained access to the legitimate email account of an employee at the Omani Embassy in Paris. They then sent emails that appeared to be genuine diplomatic correspondence.
These messages, embedded with malware inside seemingly benign Word documents, were sent into diplomatic networks. Upon opening the attachments, the malware was activated, enabling Iranian hackers to gain access to sensitive discussions. Among the recipients were Egyptian officials engaged in ceasefire mediation, as well as representatives from the United States and Qatar.
Dream said it tracked the full extent of the attack using proprietary tools built on Cyber Language Models and autonomous AI agents. The company’s investigation tools operate across both open and dark web sources. One AI agent scanned for indicators of malicious activity, while another conducted forensic link analysis between domains, servers, and command-and-control infrastructure.
The company stated that its systems detected the attack in real-time, identified the threat group behind the campaign, and mapped the entire infection process. The findings, Dream added, could allow authorities to disrupt and potentially disable the threat actor’s operations.
Increase in incidents of Iran-linked cyberattacks on diplomatic efforts
What sets this operation apart, the company noted, was not only the technical execution but the targeting of diplomatic trust as a strategic objective. The incident bears similarities to a 2023 cyberattack in Albania also attributed to Iranian actors, suggesting a broader geopolitical pattern in which cyber tools are used to disrupt diplomatic engagement.
The exposure of this campaign highlights a shift in the global cyber threat landscape, with state-backed actors no longer focusing solely on data theft or disruption, but also attempting to undermine diplomatic processes. Cybersecurity, Dream warned, must now be seen as a pillar of international stability.
Shalev Hulio, founder and CEO of Dream, said, “We founded Dream with the understanding that national security must include national cyber defense. This revelation, achieved entirely through artificial intelligence tools and cyber-focused language models, once again proves that Middle Eastern conflicts play out not only on the ground but also in the digital arena. From the day we established the company, our goal has been to provide states with this layer of protection and to ensure cybersecurity and resilience in a world of sophisticated state-level attacks.”
Tal Fialkow, VP of AI and Cyber at Dream, added, “In a world where artificial intelligence has so far been used mainly by states as a tool for cyberattacks, Dream is presenting for the first time a reversed use: AI Agents that conduct a full investigation and mapping of a state-sponsored attack in real time. This means an unprecedented ability to analyze massive amounts of data, expose methods of operation, and give countries a clear defensive edge against complex state cyber campaigns.”