Executive Summary
This report analyses the strategic implications of a significant potential breach within Israel’s intelligence domain, stemming from Iran’s claimed acquisition of highly sensitive Israeli military and nuclear-related documents.
It explores Iran’s evolving intelligence strategy amid a rapidly shifting Middle Eastern geopolitical environment and highlights the internal security challenges faced by Tel Aviv. Should Tehran’s possession of these documents be verified, the breach would represent one of the most serious counterintelligence failures in recent Israeli history.
The report concludes with a risk assessment outlining the potential security, diplomatic, and operational consequences.
Key Takeaways
- Tehran allegedly infiltrated Israeli security structures, obtaining thousands of sensitive documents on nuclear and military infrastructure.
- Iran recruited Israeli citizens using social media and cryptocurrencies, highlighting evolving and sophisticated HUMINT tactics.
- If authenticated and disclosed, the intelligence haul could signal a severe counterintelligence failure for Israel.
Information Background
Iran’s intelligence minister, Esmail Khatib, claimed that Tehran seized “strategic and sensitive” Israeli intelligence, including thousands of pages of documents related to Israel’s nuclear facilities and defence plans. The diplomat asserted these materials would be made public soon.
Khatib, a Shiite cleric, also stated that among the seized documents, some pertain to the United States, Europe, and other countries. Recent arrests of Israelis allegedly spying for Tehran may support the claim that the files were obtained through “infiltration” and “access to sources”. In fact, Iranian state television reported that agents gathered the intelligence during a covert operation, including a large volume of documents, images, and videos.
In October 2024, Israel apprehended seven Israeli citizens for allegedly conducting approximately 600 espionage missions over two years. These operations reportedly involved gathering intelligence on sensitive military sites, including air force and navy installations, ports, Iron Dome system locations, and energy infrastructure such as the Hadera power plant.
Israeli authorities accused the suspects, who were Jewish immigrants from Azerbaijan residing in the Haifa area, of receiving hundreds of thousands of dollars, often via cryptocurrencies, from Iranian agents identified as “Alkhan” and “Orkhan.” The Israeli authorities have described this case as one of the most serious security breaches in recent years.
Additionally, in January 2025, two Israeli reserve soldiers, Yuri Eliasfov and Georgi Andreyev, were arrested on suspicion of spying for Iran. Eliasfov, who served in an Iron Dome unit, allegedly shared classified information about the air defence system with an Iranian handler. Reports indicate Iranian handlers recruited both individuals through social media and paid them with cryptocurrencies.
The state broadcaster reporting on the matter stated that the operation occurred in the recent past, however, media coverage was delayed to facilitate the secure transfer of the sensitive intelligence. Israel’s news outlet reported the intelligence was gathered and transferred by Roy Mizrahi and Almog Atias, two Israelis arrested by the Israeli police in May on suspicion of collecting intelligence on behalf of Iran in the town of Kfar Ahim, where the Israeli Defence Minister Katz lives.
Geopolitical Scenario
In recent years, Iranian intelligence operatives have ramped up efforts to recruit ordinary Israelis as spies in exchange for money. In December 2024, police arrested nearly 30 Israelis, mostly Jewish citizens, for espionage activities on behalf of Iran.
Tehran’s assertion of possessing detailed information on Israel’s nuclear sites and military infrastructure directly threatens the country’s core security and deterrence posture. If verified and disseminated, this intelligence could be exploited by Iran and its proxies to plan sabotage, cyberattacks, or targeted strikes.
The presence of files over Israel’s relations with the United States, Europe, and other countries, potentially enables the Islamic Republic to leverage this data diplomatically or in asymmetric warfare. At a time when populations in Europe, the United States, and the Middle East are increasingly protesting and demanding their governments take action over the Gaza humanitarian crisis, diplomatic support for Israel is quickly fading, despite the absence of any significant changes in military backing.
If Tehran has documents showing the full extent of the support given to Tel Aviv for its offensive and human rights violations in Gaza, it could seriously undermine key Western political leaders, especially as more and more international bodies publicly condemn these actions. Iran could leverage this information to expose hostile countries or influence diplomatic negotiations.
The arrests of Israeli citizens, notably immigrants from Azerbaijan and reserve soldiers recruited via social media, reflect Iran’s adaptive espionage strategies. Utilising diaspora communities and exploiting social media platforms for recruitment signals a shift from traditional espionage to hybrid approaches that blend human intelligence (HUMINT) with cyber exploitation. The use of cryptocurrency payments further indicates operational sophistication aimed at evading financial detection.
The breaches would expose vulnerabilities in Israel’s counterintelligence, also concerning the integration and monitoring of immigrant communities. Faced with the disparity in the number of children per capita between Palestinian and Israeli communities, Tel Aviv’s policy of demographic resilience and military necessity relies on encouraging settlers from around the world to move to the country. While Israeli intelligence has developed thorough surveillance of Palestinian individuals, monitoring the activities of Jewish settlers arriving from abroad proves to be more challenging.
Tel Aviv would likely undertake extensive counterintelligence reforms, focusing on social media monitoring, immigrant vetting, and tighter control of reserve personnel access to classified information. This may involve enhanced surveillance and harsher penalties for espionage but also risk civil liberties concerns domestically.
While the geopolitical landscape has grown accustomed to Israeli attacks within Iran, such as those targeting Iranian nuclear scientists and exposing Iran’s security vulnerabilities, the scale and duration of espionage activities inside Israel—reportedly involving hundreds of missions over two years—point to systemic weaknesses or blind spots in Tel Aviv’s ability to detect insider threats.
If these documents are indeed in Tehran’s possession (currently there are no evidence which confirms or denies this eventuality), the intentional delay in media disclosure suggests that Iran is employing a phased release strategy, aimed at maximising operational advantages and psychological impact while preserving ongoing espionage efforts, in line with a broader information and psychological warfare tactic.
With its Syrian corridor compromised and the Axis of Resistance weakened, Iran may adapt to the current landscape by intensifying its cyber and HUMINT operations against Israeli military infrastructure. This shift could prompt Tel Aviv to strengthen its cyber defences and tighten intelligence oversight, but it may also heighten the likelihood of an Israeli pre-emptive strike on Iranian nuclear and military assets.
Tehran’s promise to make the documents public aims to undermine Israeli domestic confidence, fuel dissent, and signal Iranian resilience despite international pressure. If the Islamic Republic follows through, it could trigger political fallout within Israel, potentially impacting government stability and public trust in security agencies.
Iran may also seek to leverage the intelligence trove in regional diplomatic negotiations. The Western-related material could be used as a bargaining tool or to reinforce the narrative of non-aligned actors regarding Western double standards and neo-colonial attitudes.
Moreover, it is possible that the release of this information, whether true or not, is not intended exclusively for Israeli audiences.
Domestically, such a disclosure may be aimed at reinforcing the image of strength and success projected by the Islamic Republic and its Revolutionary Guard Corps (IRGC), particularly in the wake of significant setbacks, including the elimination of several senior figures within its regional proxy network and the deterioration of its relationship with Syria.
In the context of nuclear negotiations, the timing of this revelation may also be linked to the recent scandal involving Israeli espionage against senior European political figures. If Israel indeed holds compromising material on them, Iran may now either possess or claim to possess similarly sensitive information. This potential leverage could serve Tehran as a tactical asset in the broader framework of information warfare, a long-running contest that also plays out between Iranian and European media ecosystems.
Conclusion
This alleged intelligence coup by Iran appears to fall squarely within the broader context of the long-running shadow war between the two countries, a conflict marked by cyberattacks, information and psychological warfare, proxy engagements, drone strikes, and covert operations, including assassinations and acts of sabotage.
Notably, the timing of this development coincides with an expected move by Western nations to present a resolution before the IAEA Board of Governors, seeking to declare Iran in noncompliance with its obligations under the UN nuclear framework. In this light, Tehran’s actions may be interpreted as a calculated display of strength.
From the Israeli perspective, the alleged leak underscores persistent concerns over Iran’s efforts to recruit Israeli citizens for espionage. Tehran has demonstrated high resilience and an ability to rapidly adapt to evolving geopolitical dynamics. Its strategic posture continues to favour asymmetric methods of warfare over direct military engagement, an approach that contrasts with Israeli Prime Minister Benjamin Netanyahu’s increasingly vocal support for a pre-emptive strike against Iran’s nuclear infrastructure.
The prospect of a direct confrontation remains deeply concerning. While Iran is reportedly still in the uranium enrichment phase, Israel, despite its policy of deliberate ambiguity, remains the only state in the Middle East known to possess nuclear weapons, adding a dangerous layer of escalation potential.
Although there is currently no definitive evidence that Iran possesses the alleged documents, it is plausible that Tehran has, over the years, invested significant effort in retaliating for the 2018 Israeli operation that exposed over 100,000 documents related to Iran’s secret “Project Amad”.
