Data from July 2 to December 30, 2025, indicates a paradigm shift in digital repression, particularly regarding its transnational reach. During this period, the volume of cyber threats increased by 15% compared to the previous six months. At the same time, requests for digital security consultations surged by 67%, reflecting heightened anxiety among users\u2014including those not personally targeted\u2014both inside and outside of Iran.<\/span><\/p>\n A critical turning point occurred during the nationwide <\/span>Dey protests<\/span><\/a> (late December 2025\u2013January 2026). Despite a total 10-day internet blackout, digital repression expanded beyond Iran\u2019s borders through various threats against activists abroad. Notably, digital rights violations during this month increased by 500% compared to the same period last year, demonstrating a powerful synergy between domestic and transnational repression tools.<\/span><\/p>\n All of this is taking place under conditions where, from the protests in Dey (late December\u2013January) until today, the internet in Iran has been shut down for more than 39 days. Research by Filterwatch <\/span>indicates<\/span><\/a> that, given the Iranian government\u2019s new policies, there is no clear prospect of internet connectivity being restored. The government is rapidly expanding domestic services on the National Information Network (NIN). The website <\/span>Iran.ir<\/span><\/i> has become a central hub for this situation, with more services being introduced on it every day.<\/span><\/p>\n The development of whitelist-based access is ongoing, and this strategic shift from traditional censorship to a whitelist model has caused significant side effects: many domestic services either do not function properly or do not work at all. The National Information Network is extremely slow, and people are increasingly being pushed toward domestic platforms.<\/span><\/p>\n Severe censorship is being enforced on domestic search engines and all local platforms. Searching for keywords such as \u201cwar\u201d or \u201cceasefire\u201d on <\/span>https:\/\/gerdoo.me\/<\/span><\/a> yields no results in images, videos, or news sections\u2014as if no war exists, not only in Iran but anywhere in the world.<\/span><\/p>\n In the <\/span>https:\/\/zarebin.ir<\/span><\/a> search engine, searching for the name \u201cMojtaba Khamenei\u201d returns only results that focus on his power and wealth outside Iran. Similarly, searching for the keyword \u201cwar\u201d produces content that presents a narrative of Iran\u2019s decisive victory in the conflict.<\/span><\/p>\n Each gigabyte of VPN access that can connect users to the internet\u2014whether via whitelisted servers or Starlink\u2014is being sold for between 1 and 3 million tomans (approximately 6\u201324 USD), a cost <\/span>5\u201320 times higher than the global average for one gigabyte<\/b>, effectively turning internet access into a luxury commodity that many people cannot afford.<\/span><\/p>\n At the same time, the price of internet packages offered by telecom operators has also increased, although this traffic does not provide access to the global internet and can only be used to access services on the National Information Network.<\/span><\/p>\n Most Significant Events:\u00a0<\/b><\/p>\n During this period, we witnessed the emergence and intensification of complex, multi-layered transnational threats. These began with Distributed Denial of Service (DDoS) attacks against the websites of prominent Iranian human rights activists\u2014using infrastructure linked to the Iranian government\u2014and extended to the targeted distribution of malware via platforms like Telegram.<\/span><\/p>\n Attackers also utilized phishing links to gain unauthorized access to the accounts of high-profile Iranian-American journalists, highlighting a clear focus on targets outside Iran\u2019s geographic borders. Furthermore, the use of Artificial Intelligence (AI) tools to generate and disseminate disinformation, along with the doxxing of activists and Iranians living abroad, has added new and dangerous dimensions to these threats.<\/span><\/p>\n These actions, paired with public threats from Iranian officials on state-run radio and television, signify the emergence of a systematic pattern of \u201ctransnational repression\u201d. This phenomenon combines cyber, intelligence, and media tools to reach a level of complexity and scale that distinguishes it from previous years.<\/span><\/p>\n Dominant Attack Patterns:<\/span><\/p>\n The Islamic Republic has significantly expanded its digital repression beyond Iran's borders. Nearly <\/span>30%<\/b> of all cases recorded between July 2 and December 30, 2025, involved diaspora civil activists and targets located outside of Iran.<\/span><\/p>\n The report identifies a global reach for these threats, with the primary target countries being the United Kingdom, United States, Sweden, Turkey, Germany, and France.<\/span><\/p>\n Transnational threats are no longer limited to the Iranian diaspora. The reporting period revealed attacks targeting:<\/span><\/p>\n The data shows a strategic shift in who is being targeted organizationally:<\/span><\/p>\n A particularly alarming case involved an impersonation attempt designed to deceive a journalist and lure them to Iraq to facilitate a kidnapping or other transnational repression objectives.<\/span><\/p>\n![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Cyber-Threats-EN-1024x512.png\")
<\/a><\/p>\nFrom Blackout to Whitelist: Iran\u2019s Evolving Internet Control Strategy<\/b><\/h4>\n
![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Iranir_-1024x576.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Gerdoo-1024x576.png\")
<\/a><\/p>\n![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Zarebin-1024x576.png\")
<\/a><\/p>\n\n
\n
Transnational Repression: Statistics and Trends<\/b><\/h4>\n
![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Targeting-Patterns-EN-1024x512.png\")
<\/a><\/p>\nGeographic Distribution and Growth<\/b><\/h4>\n
\n
![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Map-World-1024x512.png\")
<\/a><\/p>\nExpanding the Circle of Repression<\/b><\/h4>\n
\n
Targeted Organizations and Emerging Trends<\/b><\/h4>\n
\n
Special Case: Abduction Deception<\/b><\/h4>\n
Domestic Threats: Statistics and Trends<\/b><\/h4>\n
![\"\"](\"https:\/\/filter.watch\/wp-content\/uploads\/sites\/2\/2026\/04\/Map-Iran-EN-1024x512.png\")
<\/a><\/p>\n