World
Iran expands phone-tracking cyberwarfare against U.S. and Israel
U.S. military personnel and contractors in the Middle East were targeted in a coordinated phone-tracking campaign before and during the Iran war, with telecom data pointing to repeated SS7 location requests aimed at specific devices. The activity began in the buildup to the U.S.-Israeli attack on Iran in late February 2026 and continued into the war’s early days, putting battlefield security and troop movement at risk.
Mobile network operators across the region detected and blocked the traffic, which looked coordinated rather than opportunistic. SS7 requests can expose the approximate location of a phone roaming outside its home network, making the system a long-standing weak point in international telecommunications and a useful tool for anyone trying to follow a target across borders.

Officials in Gulf countries suspected Iran or Iran-linked groups of exploiting roaming agreements with regional operators to generate the location data. Actors linked to Iran also used commercially available smartphone advertising databases to locate phones in Iraqi Kurdistan.
Gary Miller of Citizen Lab said Iran has the capability to obtain real-time, immediate and continuous location information, and said it would not be surprising if Iranian actors were using SS7 or access to regional mobile networks to track U.S. users. Citizen Lab's investigation uncovered two sophisticated telecom surveillance campaigns and linked real-world attack traffic to mobile operator signalling infrastructure for the first time.

In April 2026, U.S. Central Command told Congress that it had received multiple reports of adversaries trying to exploit commercial location data to monitor or target U.S. personnel and had taken force-protection measures in response.
Sources
- [1]nytimes.com
- [2]iranintl.com
- [3]techcrunch.com
- [4]ndtv.com
- [5]news18.com
- [6]citizenlab.ca