Iran allegedly exploited weaknesses in global telecommunications infrastructure and the mobile advertising ecosystem to track U.S. military personnel during the Iran war, according to reporting and research cited by SC Media and Citizen Lab. The activity reportedly relied on SS7 signaling weaknesses in legacy 2G and 3G roaming networks to obtain location data on U.S. forces across Iraq, Bahrain, and other Middle Eastern locations, while ad-tech mechanisms were also used to monitor targeted cellphone users.
Citizen Lab said the targeting appeared highly specific and that at least some tracking attempts could be linked to an Iranian mobile phone operator. Researcher Gary Miller told the Financial Times that Iran has the capability to obtain real-time, continuous location information through SS7 or regional mobile network access, and the reported surveillance was said to have supported military strikes that caused several injuries, highlighting persistent risks in telecom signaling systems and ad-tech data collection.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
2 events from the most recent confirmed update back to the earliest known activity.
The reported surveillance capabilities were said to have supported Iranian military strikes that caused several injuries to U.S. forces during the early phase of the conflict. The reporting presents this as an operational consequence of the location-tracking activity.
During the buildup to and early days of the Iran War, Iran allegedly exploited SS7 weaknesses in 2G/3G roaming infrastructure and used advertising technology to monitor and locate U.S. military personnel in Iraq, Bahrain, and elsewhere in the Middle East. Citizen Lab reporting also linked at least some tracking attempts to an Iranian mobile phone operator and described the activity as highly targeted.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.