#FactCheck -AI-Generated Video Falsely Claims Iran Unveiled B-2-Like Drone During War
Executive Summary:
Amid the ongoing war involving the United States, Israel, and Iran, a video clip circulating on social media claims to show Iran unveiling a drone resembling the US B-2 stealth bomber. In the viral clip, an aircraft-like object can be seen emerging from a cave before taking off. Several users are sharing the video with the claim that Iran has deployed a B-2-style drone in the conflict.
However, research by the CyberPeace found that the viral video is not real and was generated using artificial intelligence. While the United States has reportedly used B-2 stealth bombers in strikes against Iran during the conflict, the viral clip does not show an actual Iranian drone.
Claim
X user “Muslim_Voice_Space” posted the video on March 3, 2026, claiming that Iran had rolled out a drone resembling the B-2 bomber for use in the war.
Fact Check
To verify the claim, we first closely examined the viral video. In the opening moments of the clip, the wing of the alleged drone appears to hit the side of the cave while exiting. Despite the apparent collision, the aircraft continues flying smoothly without any visible damage. This unusual detail raised doubts about the authenticity of the footage.
We then analyzed the video using the AI detection tool Hive Moderation, which flagged the clip as likely AI-generated.
Further analysis using the Sightengine AI detection tool also suggested that the video was artificially created. The tool estimated a 75% probability that the footage was generated using AI. It also indicated a 70% likelihood that the clip may have been created using Sora, an AI video-generation tool.
Conclusion
The viral video claiming to show an Iranian drone resembling the US B-2 stealth bomber emerging from a cave is not authentic. Analysis indicates that the clip was created using AI tools and is being misleadingly shared in the context of the ongoing conflict.
Related Blogs
Introduction
Devices and interconnectivity are the pipelines which drive the data into cyberspace, and in turn, the users consume this data to perform different tasks in the digital age. The security of devices and networks is essential as they are the first defenders of cyberspace. Bad actors often target systems and networks with malware and ransomware, these attacks are differently motivated, but all wreak havoc upon the system and can impact individuals and organisations alike. Mobile users worldwide prefer iOS or Android, but both operating systems are vulnerable to cyberattacks these days. Some of these attacks go undetected for a long time.
Op Triangulation
As reported by Kaspersky, While monitoring the network traffic of their own corporate Wi-Fi network dedicated to mobile devices using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), Kaspersky noticed suspicious activity that originated from several iOS-based phones. Since it is impossible to inspect modern iOS devices from the inside, they created offline backups of the devices in question, inspected them using the Mobile Verification Toolkit’s mvt-ios and discovered traces of compromise. This is known as Operation Triangulation and has been in action since 2019 and got detected in 2023.
The Malware
A portion of the filesystem, including some of the user data and service databases, is included in mobile device backups. The files, directories, and database entries’ timestamps make it possible to reconstruct the events that happened to the device roughly. The “timeline.csv” file created by the mvt-ios software contains a sorted timeline of events that is comparable to the super-timeline utilised by traditional digital forensic tools. Pinpointing particular artefacts that show the compromise using this timeframe. This made it possible to advance the research and reassemble the broad infection sequence:
Through the iMessage service, a message with an attachment containing an exploit is delivered to the target iOS device.
The message initiates a vulnerability that results in code execution without any user input.
The exploit’s code downloads multiple additional stages, including additional exploits for privilege escalation, from the C&C server.
After successful exploitation, a fully functional APT platform is downloaded as the final payload from the C&C server.
The first message and the attachment’s exploit are removed
The lack of persistence support in the harmful toolset is most likely a result of OS restrictions. Multiple devices’ timeframes suggest that after rebooting, they might get infected again. The earliest signs of infection that we found date to 2019. The most recent version of the devices that have been successfully attacked as of the time of writing in June 2023 is iOS 15.7.
The final payload analysis is still ongoing. The programme executes with root rights, implements a set of commands for gathering user and system data, and can run any code downloaded as plugin modules from the C&C server.
Malicious Domains
Using the forensic artefacts, it was possible to identify the domain name set used by the exploits and further malicious stages. They can be used to check the DNS logs for historical information and to identify the devices currently running the malware:
addatamarket[.]net
backuprabbit[.]com
businessvideonews[.]com
cloudsponcer[.]com
datamarketplace[.]net
mobilegamerstats[.]com
snoweeanalytics[.]com
tagclick-cdn[.]com
topographyupdates[.]com
unlimitedteacup[.]com
virtuallaughing[.]com
web-trackers[.]com
growthtransport[.]com
anstv[.]netAns7tv[.]net
Safeguards for iOS users
Despite its world-class safety and privacy architecture, iOS is vulnerable to a few attacks; the following steps can be undertaken to safeguard iOS users –
Keeping Device updated
Security patches
Disabling iMessage would prevent Zero clicks exploits or the Triangulation attacks
Paying zero attention to unwanted, unsolicited messages
The user should make sure that any application they are downloading or installing; it should be from a trusted source ( This Zero click attack does not occur by any other means, It exploits / it targets software vulnerabilities in operating systems networks and applications)
Being cautious with the messaging app and emails
Implement device restrictions (management features like parental control and restrictions over using necessary applications)
Conclusion
Operation Triangulation is one of the recent operations combating cyber attacks, but such operations are launched nearly daily. This is also due to a rapid rise in internet and technology penetration across the world. Cyberattacks have taken a new face as they have evolved with the new and emerging technology. The influence of the Darknet has allowed many hackers to remain on the black hat side due to easy accessibility to illegal tools and material over the dark net, which facilitates such crimes.
Introduction
The Telecom Regulatory Authority of India (TRAI) has directed all telcos to set up detection systems based on Artificial Intelligence and Machine Learning (AI/ML) technologies in order to identify and control spam calls and text messages from unregistered telemarketers (UTMs).
The TRAI Directed telcos
The telecom regulator, TRAI, has directed all Access Providers to detect Unsolicited commercial communication (UCC)by systems, which is based on Artificial Intelligence and Machine Learning to detect, identify, and act against senders of Commercial Communication who are not registered in accordance with the provisions of the Telecom Commercial Communication Customer Preference Regulations, 2018 (TCCCPR-2018). Unregistered Telemarketers (UTMs) are entities that do not register with Access Providers and use 10-digit mobile numbers to send commercial communications via SMS or calls.
TRAI steps to curb Unsolicited commercial communication
TRAI has taken several initiatives to reduce Unsolicited Commercial Communication (UCC), which is a major source of annoyance for the public. It has resulted in fewer complaints filed against Registered Telemarketers (RTMs). Despite the TSPs’ efforts, UCC from Unregistered Telemarketers (UTMs) continues. Sometimes, these UTMs use messages with bogus URLs and phone numbers to trick clients into revealing crucial information, leading to financial loss.
To detect, identify, and prosecute all Unregistered Telemarketers (UTMs), the TRAI has mandated that Access Service Providers implement the UCC.
Detect the System with the necessary functionalities within the TRAI’s Telecom Commercial Communication Customer Preference Regulations, 2018 framework.
Access service providers have implemented such detection systems based on their applicability and practicality. However, because UTMs are constantly creating new strategies for sending unwanted communications, the present UCC detection systems provided by Access Service providers cannot detect such UCC.
TRAI also Directs Telecom Providers to Set Up Digital Platform for Customer Consent to Curb Promotional Calls and Messages.
Unregistered Telemarketers (UTMs) sometimes use messages with fake URLs and phone numbers to trick customers into revealing essential information, resulting in financial loss.
TRAI has urged businesses like banks, insurance companies, financial institutions, and others to re-verify their SMS content templates with telcos within two weeks. It also directed telecom companies to stop misusing commercial messaging templates within the next 45 days.
The telecom regulator has also instructed operators to limit the number of variables in a content template to three. However, if any business intends to utilise more than three variables in a content template for communicating with their users, this should be permitted only after examining the example message, as well as adequate justifications and justification.
In order to ensure consistency in UCC Detect System implementations, TRAI has directed all Access Providers to deploy UCC and detect systems based on artificial intelligence and Machine Learning that are capable of constantly evolving to deal with new signatures, patterns, and techniques used by UTMs.
Access Providers have also been directed to use the DLT platform to share intelligence with others. Access Providers have also been asked to ensure that such UCC Detect System detects senders that send unsolicited commercial communications in bulk and do not comply with the requirements. All Access Providers are directed to follow the instructions and provide an update on actions done within thirty days.
The move by TRAI is to curb the menacing calls as due to this, the number of scam cases is increasing, and now a new trend of scams started as recently, a Twitter user reported receiving an automated call from +91 96681 9555 with the message “This call is from Delhi Police.” It then asked her to stay in the queue since some of her documents needed to be picked up. Then he said he works as a sub-inspector at the Kirti Nagar police station in New Delhi. He then inquired whether she had recently misplaced her Aadhaar card, PAN card, or ATM card, to which she replied ‘no’. The scammer then poses as a cop and requests that she authenticate the last four digits of her card because they have found a card with her name on it. And a lot of other people tweeted about it.
Conclusion
TRAI directed the telcos to check the calls and messages from Unregistered numbers. This step of TRAI will curb the pesky calls and messages and catch the Frauds who are not registered with the regulation. Sometimes the unregistered sender sends fraudulent links, and through these fraudulent calls and messages, the sender tries to take the personal information of the customers, which results in financial losses.
Executive Summary:
A photoshopped image circulating online suggests Prime Minister Narendra Modi met with militant leader Hafiz Saeed. The actual photograph features PM Modi greeting former Pakistani Prime Minister Nawaz Sharif during a surprise diplomatic stopover in Lahore on December 25, 2015.
The Claim:
A widely shared image on social media purportedly shows PM Modi meeting Hafiz Saeed, a declared terrorist. The claim implies Modi is hostile towards India or aligned with terrorists.
Fact Check:
On our research and reverse image search we found that the Press Information Bureau (PIB) had tweeted about the visit on 25 December 2015, noting that PM Narendra Modi was warmly welcomed by then-Pakistani PM Nawaz Sharif in Lahore. The tweet included several images from various angles of the original meeting between Modi and Sharif. On the same day, PM Modi also posted a tweet stating he had spoken with Nawaz Sharif and extended birthday wishes. Additionally, no credible reports of any meeting between Modi and Hafiz Saeed, further validating that the viral image is digitally altered.
In our further research we found an identical photo, with former Pakistan Prime Minister Nawaz Sharif in place of Hafiz Saeed. This post was shared by Hindustan Times on X on 26 December 2015, pointing to the possibility that the viral image has been manipulated.
Conclusion:
The viral image claiming to show PM Modi with Hafiz Saeed is digitally manipulated. A reverse image search and official posts from the PIB and PM Modi confirm the original photo was taken during Modi’s visit to Lahore in December 2015, where he met Nawaz Sharif. No credible source supports any meeting between Modi and Hafiz Saeed, clearly proving the image is fake.
- Claim: Debunking the Edited Image Claim of PM Modi with Hafiz Saeed
- Claimed On: Social Media
- Fact Check: False and Misleading
