#FactCheck- AI-Generated Video Falsely Claims Iran Shot Down US F-35 Fighter Jet
Executive Summary:
Amid the ongoing conflict involving the US-Israel and Iran, Tehran has claimed that it shot down a US F-35 fighter jet. In this context, a video is going viral on social media showing a crashed American fighter aircraft on the ground. It is being claimed that the footage shows Iran downing a US F-35 jet. However, an research by the CyberPeace found that the viral video is a deepfake and not real. The clip appears to have been created using Google AI tools.
Claim:
A social media user “Azania” shared the viral video on March 20, 2026, with the caption,“#Iran hit the 5th generation F-35 fighter of the #US Air Force… An American F-35 fighter made an emergency landing at an air base in the Middle East after coming under Iranian fire, sources told CNN.”
Fact Check:
We began our research with a news search and found multiple reports stating that a US F-35 fighter jet was damaged during a combat mission over Iran. According to reports, Iran’s Islamic Revolutionary Guard Corps (IRGC) claimed to have damaged a US F-35 jet and also released a video. As per a CNN report, US officials confirmed that an American F-35 was damaged during a mission over Iran, forcing it to make an emergency landing at a US airbase in the Middle East. The pilot was safe and in stable condition, and the incident is currently under research .
A spokesperson for the US Central Command, Captain Tim Hawkins, also acknowledged that an F-35 made an emergency landing during the mission. However, the US has not officially confirmed that the damage was caused by an Iranian attack.Reports by Fox News and The Times of India also mention the emergency landing of the aircraft.
Upon closely examining the viral video, we noticed several inconsistencies indicating possible AI manipulation. We then analyzed the clip using Hive Moderation, which indicated nearly a 79 percent probability that the video is AI-generated. The analysis also suggests that it was likely created using Google’s AI video generation tools (Veo).
Conclusion:
The viral video claiming to show Iran shooting down a US F-35 fighter jet is AI-generated and not real. While Iran has claimed to have targeted a US F-35, and the US has confirmed an emergency landing during a mission, there is no official confirmation that the aircraft was shot down by Iran.
Related Blogs
Executive Summary:
Recently, we came upon some AI-generated deep fake videos that have gone viral on social media, purporting to show Indian political figures Prime Minister Narendra Modi, Home Minister Amit Shah, and External Affairs Minister Dr. S. Jaishankar apologizing in public for initiating "Operation Sindoor." The videos are fake and use artificial intelligence tools to mimic the leaders' voices and appearances, as concluded by our research. The purpose of this report is to provide a clear understanding of the facts and to reveal the truth behind these viral videos.
Claim:
Multiple videos circulating on social media claim to show Prime Minister Narendra Modi, Central Home Minister Amit Shah, and External Affairs Minister Dr. S. Jaishankar publicly apologised for launching "Operation Sindoor." The videos, which are being circulated to suggest a political and diplomatic failure, feature the leaders speaking passionately and expressing regret over the operation.
Fact Check:
Our research revealed that the widely shared videos were deepfakes made with artificial intelligence tools. Following the 22 April 2025 Pahalgam terror attack, after “Operation Sindoor”, which was held by the Indian Armed Forces, this video emerged, intending to spread false propaganda and misinformation.
Finding important frames and visual clues from the videos that seemed suspicious, such as strange lip movements, misaligned audio, and facial distortions, was the first step in the fact-checking process. By putting audio samples and video frames in Hive AI Content Moderation, a program for detecting AI-generated content. After examining audio, facial, and visual cues, Hive's deepfake detection system verified that all three of the videos were artificial intelligence (AI) produced.
Below are three Hive Moderator result screenshots that clearly flag the videos as synthetic content, confirming that none of them are authentic or released by any official government source.
Conclusion:
The artificial intelligence-generated videos that claim Prime Minister Narendra Modi, Home Minister Amit Shah, and External Affairs Minister Dr. S. Jaishankar apologized for the start of "Operation Sindoor" are completely untrue. A purposeful disinformation campaign to mislead the public and incite political unrest includes these deepfake videos. No such apology has been made by the Indian government, and the operation in question does not exist in any official or verified capacity. The public must exercise caution, avoid disseminating videos that have not been verified, and rely on reliable fact-checking websites. Such disinformation can seriously affect national discourse and security in addition to eroding public trust.
- Claim: India's top executives apologize publicly for Operation Sindoor blunder.
- Claimed On: Social Media
- Fact Check: AI Misleads
Introduction
In an age where the lines between truth and fiction blur with an alarming regularity, we stand at the precipice of a new and dangerous era. Amidst the wealth of information that characterizes the digital age, deep fakes and disinformation rise like ghosts, haunting our shared reality. These manifestations of a technological revolution that promised enlightenment instead threaten the foundations upon which our societies are built: trust, truth, and collective understanding.
These digital doppelgängers, enabled by advanced artificial intelligence, and their deceitful companion—disinformation—are not mere ghosts in the machine. They are active agents of chaos, capable of undermining the core of democratic values, human rights, and even the safety of individuals who dare to question the status quo.
The Perils of False Narratives in the Digital Age
As a society, we often throw around terms such as 'fake news' with a mixture of disdain and a weary acceptance of their omnipresence. However, we must not understate their gravity. Misinformation and disinformation represent the vanguard of the digital duplicitous tide, a phenomenon growing more complex and dire each day. Misinformation, often spread without malicious intent but with no less damage, can be likened to a digital 'slip of the tongue' — an error in dissemination or interpretation. Disinformation, its darker counterpart, is born of deliberate intent to deceive, a calculated move in the chess game of information warfare.
Their arsenal is varied and ever-evolving: from misleading memes and misattributed quotations to wholesale fabrications in the form of bogus news sites and carefully crafted narratives. Among these weapons of deceit, deepfakes stand out for their audacity and the striking challenge they pose to the concept of seeing to believe. Through the unwelcome alchemy of algorithms, these video and audio forgeries place public figures, celebrities, and even everyday individuals into scenarios they never experienced, uttering words they never said.
The Human Cost: Threats to Rights and Liberties
The impact of this disinformation campaign transcends inconvenience or mere confusion; it strikes at the heart of human rights and civil liberties. It particularly festers at the crossroads of major democratic exercises, such as elections, where the right to a truthful, unmanipulated narrative is not just a political nicety but a fundamental human right, enshrined in Article 25 of the International Convention on Civil and Political Rights (ICCPR).
In moments of political change, whether during elections or pivotal referenda, the deliberate seeding of false narratives is a direct assault on the electorate's ability to make informed decisions. This subversion of truth infects the electoral process, rendering hollow the promise of democratic choice.
This era of computational propaganda has especially chilling implications for those at the frontline of accountability—journalists and human rights defenders. They find themselves targets of character assassinations and smear campaigns that not only put their safety at risk but also threaten to silence the crucial voices of dissent.
It should not be overlooked that the term 'fake news' has, paradoxically, been weaponized by governments and political entities against their detractors. In a perverse twist, this label becomes a tool to shut down legitimate debate and shield human rights violations from scrutiny, allowing for censorship and the suppression of opposition under the guise of combatting disinformation.
Deepening the societal schisms, a significant portion of this digital deceit traffic in hate speech. Its contents are laden with xenophobia, racism, and calls to violence, all given a megaphone through the anonymity and reach the internet so readily provides, feeding a cycle of intolerance and violence vastly disproportionate to that seen in traditional media.
Legislative and Technological Countermeasures: The Ongoing Struggle
The fight against this pervasive threat, as illustrated by recent actions and statements by the Indian government, is multifaceted. Notably, Union Minister Rajeev Chandrasekhar's commitment to safeguarding the Indian populace from the dangers of AI-generated misinformation signals an important step in the legislative and policy framework necessary to combat deepfakes.
Likewise, Prime Minister Narendra Modi's personal experience with a deepfake video accentuates the urgency with which policymakers, technologists, and citizens alike must view this evolving threat. The disconcerting experience of actor Rashmika Mandanna serves as a sobering reminder of the individual harm these false narratives can inflict and reinforces the necessity of a robust response.
In their pursuit to negate these virtual apparitions, policymakers have explored various avenues ranging from legislative action to penalizing offenders and advancing digital watermarks. However, it is not merely in the realm of technology that solutions must be sought. Rather, the confrontation with deepfakes and disinformation is also a battle for the collective soul of societies across the globe.
As technological advancements continue to reshape the battleground, figures like Kris Gopalakrishnan and Manish Gangwar posit that only a mix of rigorous regulatory frameworks and savvy technological innovation can hold the front line against this rising tidal wave of digital distrust.
This narrative is not a dystopian vision of a distant future - it is the stark reality of our present. And as we navigate this new terrain, our best defenses are not just technological safeguards, but also the nurturing of an informed and critical citizenry. It is essential to foster media literacy, to temper the human inclination to accept narratives at face value and to embolden the values that encourage transparency and the robust exchange of ideas.
As we peer into the shadowy recesses of our increasingly digital existence, may we hold fast to our dedication to the truth, and in doing so, preserve the essence of our democratic societies. For at stake is not just a technological arms race, but the very quality of our democratic discourse and the universal human rights that give it credibility and strength.
Conclusion
In this age of digital deceit, it is crucial to remember that the battle against deep fakes and disinformation is not just a technological one. It is also a battle for our collective consciousness, a battle to preserve the sanctity of truth in an era of falsehoods. As we navigate the labyrinthine corridors of the digital world, let us arm ourselves with the weapons of awareness, critical thinking, and a steadfast commitment to truth. In the end, it is not just about winning the battle against deep fakes and disinformation, but about preserving the very essence of our democratic societies and the human rights that underpin them.
Introduction
The unprecedented cyber espionage attempt on the Indian Air Force has shocked the military fraternity in the age of the internet where innovation is vital to national security. The attackers have shown a high degree of expertise in their techniques, using a variant of the infamous Go Stealer and current military acquisition pronouncements as a cover to obtain sensitive information belonging to the Indian Air Force. In this recent cyber espionage revelation, the Indian Air Force faces a sophisticated attack leveraging the infamous Go Stealer malware. The timing, coinciding with the Su-30 MKI fighter jets' procurement announcement, raises serious questions about possible national security espionage actions.
A sophisticated attack using the Go Stealer malware exploits defense procurement details, notably the approval of 12 Su-30 MKI fighter jets. Attackers employ a cunningly named ZIP file, "SU-30_Aircraft_Procurement," distributed through an anonymous platform, Oshi, taking advantage of heightened tension surrounding defense procurement.
Advanced Go Stealer Variant:
The malware, coded in Go language, introduces enhancements, including expanded browser targeting and a unique data exfiltration method using Slack, showcasing a higher level of sophistication.
Strategic Targeting of Indian Air Force Professionals:
The attack strategically focuses on extracting login credentials and cookies from specific browsers, revealing the threat actor's intent to gather precise and sensitive information.
Timing Raises Espionage Concerns:
The cyber attack coincides with the Indian Government's Su-30 MKI fighter jets procurement announcement, raising suspicions of targeted attacks or espionage activities.
The Deceitful ZIP ArchiveSU-30 Aircraft Acquisition
The cyberattack materialised as a sequence of painstakingly planned actions. Using the cleverly disguised ZIP file "SU-30_Aircraft_Procurement," the perpetrators took benefit of the authorisation of 12 Su-30 MKI fighter jets by the Indian Defense Ministry in September 2023. Distributed via the anonymous file storage network Oshi, the fraudulent file most certainly made its way around via spam emails or other forms of correspondence.
The Spread of Infection and Go Stealer Payload:
The infiltration procedure progressed through a ZIP file to an ISO file, then to a.lnk file, which finally resulted in the Go Stealer payload being released. This Go Stealer version, written in the programming language Go, adds sophisticated capabilities, such as a wider range of browsing focussed on and a cutting-edge technique for collecting information using the popular chat app Slack.
Superior Characteristics of the Go Stealer Version
Different from its GitHub equivalent, this Go Stealer version exhibits a higher degree of complexity. It creates a log file in the machine owned by the victim when it is executed and makes use of GoLang utilities like GoReSym for in-depth investigation. The malware focuses on cookies and usernames and passwords from web browsers, with a particular emphasis on Edge, Brave, and Google Chrome.
This kind is unique in that it is more sophisticated. Its deployment's cyber enemies have honed its strengths, increasing its potency and detection resistance. Using GoLang tools like GoReSym for comprehensive evaluation demonstrates the threat actors' careful planning and calculated technique.
Go Stealer: Evolution of Threat
The Go Stealer first appeared as a free software project on GitHub and quickly became well-known for its capacity to stealthily obtain private data from consumers who aren't paying attention. Its effectiveness and stealthy design rapidly attracted the attention of cyber attackers looking for a sophisticated tool for clandestine data exfiltration. It was written in the Go programming language.
Several cutting-edge characteristics distinguish the Go Stealer from other conventional data thieves. From the beginning, it showed a strong emphasis on browser focusing on, seeking to obtain passwords and login information from particular websites including Edge, Brave, and Google Chrome.The malware's initial iteration was nurtured on the GitHub database, which has the Go Stealer initial edition. Threat actors have improved and altered the code to serve their evil goals, even if the basic structure is freely accessible.
The Go Stealer version that has been discovered as the cause of the current internet spying by the Indian Air Force is not limited to its GitHub roots. It adds features that make it more dangerous, like a wider range of browsers that may be targeted and a brand-new way to exfiltrate data via Slack, a popular messaging app.
Secret Communications and Information Expulsion
This variation is distinguished by its deliberate usage of the Slack API for secret chats. Slack was chosen because it is widely used in company networks and allows harmful activity to blend in with normal business traffic. The purpose of the function "main_Vulpx" is specifically to upload compromised information to the attacker's Slack route, allowing for covert data theft and communication.
The Time and Strategic Objective
There are worries about targeted assaults or espionage activities due to the precise moment of the cyberattack, which coincides with the Indian government's declaration of its acquisition of Su-30 MKI fighter fighters. The deliberate emphasis on gathering cookies and login passwords from web browsers highlights the threat actor's goal of obtaining accurate and private data from Indian Air Force personnel.
Using Caution: Preventing Possible Cyber Espionage
- Alertness Against Misleading Techniques: Current events highlight the necessity of being on the lookout for files that appear harmless but actually have dangerous intent. The Su-30 Acquisition ZIP file is a stark illustration of how these kinds of data might be included in larger-scale cyberespionage campaigns.
- Potentially Wider Impact: Cybercriminals frequently plan coordinated operations to target not just individuals but potentially many users and government officials. Compromised files increase the likelihood of a serious cyber-attack by opening the door for larger attack vectors.
- Important Position in National Security: Recognize the crucial role people play in the backdrop of national security in the age of digitalisation. Organised assaults carry the risk of jeopardising vital systems and compromising private data.
- Establish Strict Download Guidelines: Implement a strict rule requiring file downloads to only come from reputable and confirmed providers. Be sceptical, particularly when you come across unusual files, and make sure the sender is legitimate before downloading any attachments.
- Literacy among Government Employees: Acknowledge that government employees are prime targets as they have possession of private data. Enable people by providing them with extensive cybersecurity training and awareness that will increase their cognition and fortitude.
Conclusion
Indian Air Force cyber surveillance attack highlights how sophisticated online dangers have become in the digital era. Threat actors' deliberate and focused approach is demonstrated by the deceptive usage of a ZIP archive that is camouflaged and paired with a sophisticated instance of the Go Stealer virus. An additional level of complication is introduced by integrating Slack for covert communication. Increased awareness, strict installation guidelines, and thorough cybersecurity education for government employees are necessary to reduce these threats. In the digital age, protecting national security necessitates ongoing adaptation as well as safeguards toward ever-more potent and cunning cyber threats.
References
- https://www.overtoperator.com/p/indianairforcemalwaretargetpotential
- https://cyberunfolded.in/blog/indian-air-force-targeted-in-sophisticated-cyber-attack-with-su-30-procurement-zip-file#go-stealer-a-closer-look-at-its-malicious-history
- https://thecyberexpress.com/cyberattack-on-the-indian-air-force/https://therecord.media/indian-air-force-infostealing-malware
