Iran’s State TV Hijacked to Broadcast Protest Videos Satellite Hack amid Rising Tensions

On 18 June 2025, Iran’s state broadcaster, Islamic Republic of Iran Broadcasting (IRIB), experienced a satellite signal hack during evening programming, airing videos from the 2022 “Woman, Life, Freedom” protests and urging viewers to rise up a cyber‑broadcast intrusion reportedly blamed on foreign actors. The incident underscores escalating cyber-physical conflict in the Middle East, merging satellite vulnerabilities with information warfare. The hack occurred amid regional military strikes, spotlighting the growing intersection of cyber‑attacks and geopolitical confrontation.

What Happened and Why It Matters

Chronology of the Intrusion

• June 18 2025, evening: Viewers reported protest-themed videos and calls to street protests interrupting live broadcasts on satellite channels.
• IRIB issued a brief onscreen warning, attributing the disruption to “enemy interference with satellite signals”.
• Iran’s media later pinned responsibility on Israel, alleging the hack was orchestrated by “Zionist enemies”.

Regional Context & MEA Implications

Satellite-Dependent Media Vulnerabilities

In the MEA region, where satellite TV remains crucial for information dissemination especially in rural and under-connected areas this hack sets a dangerous precedent: adversaries can inject disinformation at scale. Broadcast manipulation extends beyond signal jamming to full content intrusion.

Link Between Cyber and Kinetic Warfare

The hack coincided with Israeli airstrikes on Iranian infrastructure such as IRIB studios in Tehran on 16 June 2025, blending traditional and digital offensives. This signals a paradigm where cyber strikes complement physical attacks in high-stakes conflict theaters, affecting not only national broadcasters but public sentiment and security awareness. Our ongoing cybersecurity trends analysis at CyberCory underscores this hybrid threat landscape.

Global Comparisons: Media Hacks Are Not New

Past Intrusions

• In October 2022, a protest group (Edalat‑e Ali) hijacked state TV live feed with anti‑regime messaging, including Mahsa Amini images and slogans.
• Similar breaches have occurred in Romania (2023) and other regions broadcast signal intrusion emerges repeatedly where satellite networks lack robust authentication.

Geopolitical Messaging via Media

Cross-border cyberattacks on nation-state broadcasters are increasingly tools of psychological operations—seen in Russia‑Ukraine, Middle‑East—used not just to disrupt but to provoke and influence public behavior.

Expert and Official Perspectives

“If you experience disruptions … it is due to enemy interference with satellite signals,” IRIB stated, linking the intrusion directly to foreign manipulation en.wikipedia.org+10en.apa.az+10deepnewz.com+10.

Meanwhile, Times of Israel reported Israeli UN spokesperson Jonathan Harounoff publicly shared footage of the incident, highlighting the hack’s symbolic impact.

Technical Overview: MITRE Perspective

Initial Access T1190 – Exploit Public‑Facing Application (satellite uplink)
Manipulation of Media T1602 – Payload Delivery via Broadcast Interference
Impact T1489 – Data or System Disruption (targeting broadcast)

This represents a novel use of broadcast-level intrusion to deliver psychological payloads without touching the core broadcast network—leveraging uplink channels.

Actionable Takeaways for Security Teams

1. Harden Satellite Uplinks: Implement best practices around satellite uplink authentication, encryption, and telemetry monitoring.
2. Monitor Broadcast Integrity: Deploy anomaly detection on content feeds, using open-source intelligence to detect media tampering.
3. Integrate Physical & Cyber Defenses: Align broadcast infrastructure protection with national cybersecurity policies and MEA regulatory frameworks.
4. Cross-Domain Incident Playbooks: Prepare coordinated responses that cover broadcast, online, and physical network disruptions.
5. Engage in Regional Collaboration: Encourage public-private sharing across MEA; Earth-observation, satellite, and terrestrial cyber hubs must share intelligence.
6. Invest in Cyber Awareness Training: Expand staff training to cover signal jamming, spoofing, and hybrid attack vectors available through security services at SaintyNet.
7. Red-Team Satellite Channels: Include uplink/spoofing scenarios in penetration tests (satellite and ground systems).
8. Regulatory Review of Satellite Standards: Advocate stronger standards for uplink operator credentialing and emergency response.
9. Contingency Broadcasting Plans: Maintain backup channels (terrestrial, online) to maintain messaging integrity post-breach.
10. Public Information Campaigns: Prepare proactive communications to counter misinformation in case of future disruptions.

Conclusion

The 18 June 2025 hack of IRIB’s satellite broadcast marks a new front in cyber-physical warfare one targeting information flow at public scale. As hybrid threats proliferate, MEA and global broadcasters must upgrade resilience across their uplink infrastructure, threat detection, and response strategies. Trust in public media hinges on ensuring content integrity. For cybersecurity news, alerts, trends, and best practices keep following us at CyberCory.

Sources

• APA – Iran’s state TV hacked, protest videos aired (18 June 2025) townhall.com+6en.apa.az+6moneycontrol.com+6
• Times of Israel – Iran blames Israel for hacking state TV broadcast (19 June 2025) moneycontrol.com+2timesofisrael.com+2dailymirror.lk+2
• Al Bawaba – Iran state TV hacked mid-broadcast (18 June 2025) albawaba.com
• The Long War Journal – Israel strikes Tehran police HQ, hacks live broadcast (18 June 2025) longwarjournal.org
• DeepNewz – Iran State TV Hack Broadcasts Protest Calls (18 June 2025) en.wikipedia.org+11deepnewz.com+11albawaba.com+11
• Israel National News – Hackers take control of Iranian state media (18 June 2025) israelnationalnews.com+1townhall.com+1