CogDef Brief - April 6, 2026
Summary of information operations and cyber activities as of April 6, 2026.
Information Operations & Influence
Iran Wages Meme War Against U.S. Narrative on Conflict Iranian embassies and senior officials have escalated a coordinated online influence campaign mocking U.S. military operations and President Trump’s rhetoric. Iran’s parliament speaker Mohammad Bagher Ghalibaf has been posting taunting memes in English on X, while Iranian diplomatic accounts globally have deployed satirical content — including Lego soldiers, doctored imagery, and sarcastic captions — to undermine Washington’s narrative around the conflict. Iran’s embassies are effectively waging a meme war targeting Western audiences, leveraging AI-generated content and viral formats to compete for information dominance. The Guardian described the F-15 crew rescue as a propaganda coup for the U.S. but noted Iran has successfully reframed the narrative by invoking the failed 1980 Operation Eagle Claw.
China and Russia “Winning the Global Information War” Amid Iran Conflict An analysis from EADaily argues that while the Trump administration remains focused on the Iran theatre, China and Russia are winning the global information war. The piece contends that U.S. credibility and alliance structures have eroded over the past year, creating openings for Beijing and Moscow to advance competing narratives — particularly around the legitimacy of the Iran conflict and the future of the Middle East order. Separately, China’s Foreign Minister Wang Yi spoke with Russian counterpart Sergei Lavrov, with both sides pledging to cooperate at the UN Security Council to “cool down” the Middle East situation, framing themselves as peacemakers against U.S. escalation.
Pakistan-Linked Networks Target Bangladesh with AI-Driven Disinformation A new report identifies Pakistan-linked disinformation networks actively targeting Bangladesh through coordinated digital campaigns leveraging social media, AI tools, and coordinated amplification techniques. The networks are reportedly using local proxies and culturally tailored content to influence Bangladeshi digital discourse, reflecting a growing trend of South-South information operations enabled by generative AI.
Britain Confronts Information Warfare Vulnerabilities Bloomberg reports that the UK is waking up to information warfare threats, citing an illustrative case: when Iran imposed an internet blackout following Israeli airstrikes last year, hundreds of social media accounts promoting Scottish independence suddenly went silent — suggesting they were operated from Iran as part of a covert influence operation designed to exploit domestic UK political divisions.
U.S. Government Pressures Satellite Firm to Withhold Iran War Imagery Planet Labs announced it will indefinitely withhold satellite imagery of Iran and the broader Middle East conflict zone at the request of the Trump administration, citing “safety and operational security reasons.” The blackout covers all imagery captured from March 9 onward and is expected to last until the conflict ends. Multiple media outlets and analysts warn the move significantly hampers independent journalism and open-source verification of the conflict, raising concerns about wartime information control.
Cyber Operations
Germany Unmasks REvil Ransomware Leaders Germany’s Federal Criminal Police Office (BKA) publicly identified the leaders of the REvil and GandCrab ransomware operations. The figure known as “UNKN” has been revealed as 31-year-old Russian national Daniil Maksimovich Shchukin. Working alongside 43-year-old Anatoly Sergeevitsch Kravchuk, Shchukin is accused of orchestrating at least 130 attacks in Germany between 2019 and 2021, extorting roughly €2 million and causing over €35 million in economic damage. Both suspects are Russian nationals and remain at large. REvil was one of the most prolific ransomware-as-a-service operations globally before being disrupted.
Iran Threatens to Strike U.S. Tech Infrastructure, Including AI Data Centers Iran’s Islamic Revolutionary Guard Corps has claimed that its strikes in the Gulf have targeted facilities supporting “enemy” military and intelligence operations, and TechRadar reports Tehran is now threatening to bomb the $30 billion Stargate AI data center in the UAE, backed by OpenAI, Nvidia, and other major tech firms. This reflects a broader strategic shift in which technology companies become targets as AI and digital infrastructure are increasingly integrated into warfighting.
Espionage & Intelligence
Chinese Firms Use AI to Track U.S. Military Movements in Iran Theatre Private Chinese companies are using AI and open-source data to monitor and publicize U.S. carrier group movements, airbase activity, and drone operations in the Middle East, according to reporting from The Washington Post via Kyiv Post. ABC News reports that U.S. intelligence believes Chinese AI-enhanced satellite imagery of Middle East bases is helping Iran identify targets. The bipartisan Select Committee on China warned that “companies tied to the Chinese Communist Party are turning AI into a battlefield surveillance tool against America.” This open-source intelligence activity blurs the line between commercial technology firms and state-aligned intelligence gathering.
Operation CamelClone: Multi-Region Cyber Espionage Campaign Uncovered Indian cybersecurity firm Seqrite disclosed “Operation CamelClone,” an active, multi-region cyber espionage campaign targeting government, defense, diplomatic, and strategic energy organizations across multiple countries. The campaign targets sectors with access to sensitive policy and defense information, though attribution details are still emerging. The operation’s name suggests the use of impersonation or clone techniques to gain initial access.