#FactCheck: Old images of US sailors falsely linked to ongoing Iran tensions
Executive Summary
After Donald Trump said that US Navy ships would soon begin escorting tankers through the Strait of Hormuz, several old images resurfaced on social media with claims that they show American sailors recently captured by Iran amid the ongoing Middle East tensions. Research by CyberPeace found that the viral posts are misleading. The images being circulated are nearly a decade old and have no connection to the ongoing situation in the Middle East.
Claim:
Posts circulating on Facebook alleged that Iran had captured 10 US Navy personnel — nine men and one woman — and detained them at a military base on Farsi Island. The caption further claimed that the incident was reported by Iranian official Ali Larijani and denied by Donald Trump.
https://www.facebook.com/photo/?fbid=1381610870661566&set=pcb.1381611363994850

Fact Check
A reverse image search revealed that the viral images are not recent. They were published as early as January 13, 2016, by ABC News in a report titled “Iran Releases 10 Navy Sailors Held After Drifting Into Iranian Waters.”

Further checks showed that the same images were distributed by AFP, with credits to Sepah News, the media wing of Iran’s Revolutionary Guards.

Context
The images relate to a 2016 incident in which two US Navy patrol boats accidentally entered Iranian waters. The crew was detained and taken to Farsi Island. Iran later released the sailors after determining that the intrusion was unintentional and that there was no hostile intent.
Conclusion
The viral posts are misleading. The images being shared are nearly a decade old and unrelated to the ongoing situation in the Middle East.
Related Blogs

Introduction
Cyberwarfare has evolved into one of the most decisive instruments of statecraft and conflict. The increasing digitisation of critical infrastructure like power grids, water systems, transportation systems, healthcare networks, and energy sources has made these systems new targets in the war of algorithms. Military logic is evolving towards paralysing an adversary’s critical infrastructure, keeping its resources tied up in repairs and thereby breaking its ability to deter and counter attacks, all without firing a single bullet.
From Ransomware to an Invisible Sabotage: The changing nature of warfare
The operational technology (OT) landscape has become the epicentre of cyber operations around the world. Industrial systems that control turbines, pipelines, or dams were once isolated; they now stand connected to the Internet through supervisory control and data acquisition (SCADA) systems and the Internet of Things. Besides improving the efficiency of the nation’s infrastructural lifelines, these connections have also become gateways for attackers.
Groups like Volt Typhoon, Sandworm, Laurionite, and Cyberavengers have turned digital infiltration into a strategic instrument. Volt Typhoon, which is linked to China, has used “living-off-the-land” techniques, abusing legitimate administrative tools to remain invisible while scanning critical infrastructure in the US. Sandworm, which is aligned with Russia’s GRU (Glavnoye Razvedyvatelnoye Upravlenie, or Main Intelligence Directorate), has demonstrated the power of cyber sabotage in real time: its attacks on Ukraine’s power grids in 2015 and 2021 left millions in darkness, coinciding with kinetic missile strikes. Meanwhile, the Iranian-affiliated Cyberavengers group has weaponised AI-assisted malware such as IOCONTROL, which is capable of hijacking water and energy control systems. Each of these operations reflects a shift from direct espionage to inducing strategic paralysis.
Unlike traditional cybercrime, which aims at stealing data and extorting money, these campaigns repeatedly target physical systems: the machinery that sustains civilian life and military preparedness.
The Military Logic behind Cyber Targeting: A Web of Vulnerabilities
Critical infrastructure is a complex ecosystem in which power generation, transportation, communication, and manufacturing are all interconnected, which means a single compromised node can cascade into national paralysis. For instance, a breach in a dam’s control systems can flood an entire city, and a grid shutdown can halt the water supply to hospitals and even affect air traffic. The 2015 BlackEnergy malware attack in Ukraine proved this possibility when three utilities were hacked, plunging thousands of homes into darkness. Iranian hackers also gained access to the Bowman Avenue Dam in New York and its floodgate controls, a chilling demonstration of the destructive reality of digital manipulation.
The systems remain vulnerable mainly for three reasons:
- Legacy Architectures: Many of these industrial systems were designed decades ago with no built-in cybersecurity mechanisms.
- Slow Patching and Segmentation Gaps: Updates, and the segmentation between IT and OT networks, often lag behind, leaving open entry points for attackers.
- Convergence with IoT: The integration of smart sensors and cloud-based management tools has expanded the attack surface exponentially.
This interconnected fragility has turned critical infrastructure into both a weapon and a target, and a tool for coercion in modern hybrid warfare. Between 2023 and 2024, over 420 cyberattacks were recorded against critical infrastructure worldwide, averaging 13 attacks per second, according to a news report. These were not random acts of digital vandalism; they were deliberate, coordinated operations by state-led actors from China, Russia, and Iran.
Developing Resilience as the New Tool of Deterrence
Cyber deterrence no longer rests on the fear of retaliation; it rests on resilience. Nations that can absorb attacks, maintain continuity, and recover rapidly will be the true superpowers of the digital age. Segmentation, real-time threat detection, and AI-assisted recovery models are the pillars of this model of resilience. The logic of modern cyberwarfare is clear: the more a nation digitises, the more it will need to defend.
However, as the line between war and peace blurs, safeguarding critical infrastructure is no longer just an IT priority; rather, it is a national security doctrine. In this silent theatre of cyberwarfare, survival will depend not only on firepower, but on firewalls.
References
- https://rmcglobal.com/critical-infrastructure-under-siege-the-top-ot-threats-of-2025/
- https://ccdcoe.org/uploads/2018/10/Geers2009_The-Cyber-Threat-to-National-Critical-Infrastructures.pdf
- https://www.researchgate.net/publication/335752979_Cybersecurity_of_Critical_Infrastructure
- https://arxiv.org/html/2510.04118v1
- https://www.anapaya.net/blog/top-5-critical-infrastructure-cyberattacks

On the occasion of the 20th edition of Safer Internet Day 2023, CyberPeace, in collaboration with UNICEF, DELNET, NCERT, and the National Book Trust (NBT), India, took steps towards a safer cyberspace by launching iSafe Multimedia Resources, CyberPeace TV, and CyberPeace Café at an event held today in Delhi.
CyberPeace also showcased its efforts, in partnership with UNICEF, to create a secure and peaceful online world through its Project iSafe, which aims to bridge the knowledge gap between emerging advancements in cybersecurity and first responders. Through Project iSafe, CyberPeace has successfully raised awareness among law enforcement agencies, education departments, and frontline workers across various fields. The event marked a significant milestone in the efforts of the foundation to create a secure and peaceful online environment for everyone.
Launching CyberPeace TV, the café and the iSafe material, National Cybersecurity Coordinator of the Government of India Lt Gen Rajesh Pant interacted with the students by introducing them to the theme of this Safer Internet Day. He launched the coword cyber challenge initiative by the countries. Content is most important in cyberspace. He also assured everyone that the Government of India is taking many steps at the national level to make cyberspace safer. He complimented CPF on its initiatives.
Ms. Zafrin Chaudhry, Chief of Communication, UNICEF, addressed the students with the fact that children make up one out of every three in cyberspace, so they should have a safe cyberspace. They should be informed and equipped with all the information on how to deal with any issues they face in cyberspace, and they should share their experiences with everyone to make others aware. UNICEF, in partnership with CPF, is extending help to children to equip them with the necessary support and information.
Major Vineet Kumar, Founder and Global President of CPF, welcomed everyone and introduced the launch of iSafe Multimedia Resources, CyberPeace TV, and CyberPeace Café. With this launch he also shed some light on upcoming plans, such as launching a learning module on the metaverse with AR and VR. He wants to make cyberspace safe even in tier 3 cities, which is why he established the first cybercafé in Ranchi.
As the internet plays a crucial role in our lives, CyberPeace has taken action to combat potential cyber threats. They introduced CyberPeace TV, the world’s first multilingual TV Channel on Jio TV focusing on Education and Entertainment, a comprehensive online platform that provides the latest in cybersecurity news, expert analysis, and a community for all stakeholders in the field. CyberPeace also launched its first CyberPeace Café for creators and innovators and released the iSafe Multimedia resource containing Flyers, Posters, E hand book and handbook on digital safety for children developed jointly by CyberPeace, UNICEF and NCERT for the public.
O.P. Singh, Former DGP, UP Police, and CEO of the Kailash Satyarthi Foundation, started with data on internet users in India. The Internet is used in day-to-day activities nowadays, and primarily for social media. Students should have a channelised approach to cyberspace, with fixed screen time, access to the right content, and measured usage of the internet. I really appreciate the initiatives that CyberPeace is taking in this direction.
The celebration continued with the iSafe Panel Discussion on “Creating Safer Cyberspace for Children.” The discussion was moderated by Dr. Sangeeta Kaul, Director of DELNET, and the panellists were Mr. Rakesh Maheshwari from MeitY (Ministry of Electronics and Information Technology, Govt. of India), Dr. Indu Kumar from CIET-NCERT, Ms. Bindu Sharma from ICMEC, and Major Vineet Kumar from CyberPeace.
The event was also graced by professional artists from the National School of Drama, who performed Nukkad Natak and Qawwali based on cyber security themes. Students from SRDAV school also entertained the audience with their performances. The attendees were also given a platform to share their experiences with online security issues, and ICT Awardees, Parents and iSafe Champions shared their insights with the guests. The event also had stalls by CyberPeace Corps, a Global volunteer initiative, and CIET-NCERT for students to explore and join the cause. The event’s highlight was the 360 Selfie Booth, where attendees lined up to have their turn.

Executive Summary:
A new threat uncovered in today’s threat landscape is the speed of exploitation: where threat actors once took an average of one hour and seven minutes to leverage Proof-of-Concept (PoC) exploits after they went public, the time is now at a record low of 22 minutes. This incredibly fast exploitation leaves organizations’ IT departments very little time to address these issues and close the gaps before they are exploited. Cloudflare’s Application Security report shows that attacks frequently outpace the rate at which defenders develop security countermeasures such as WAF rules and software patches. In one case, Cloudflare observed an attacker using a PoC-based attack a mere 22 minutes after the PoC was released, leaving almost no remediation window.
Despite the constant growth in the number of vulnerabilities in applications and systems, the share of exploited vulnerabilities that are accompanied by some level of public exploit or PoC code has remained relatively stable over the past several years, fluctuating around 50%. Of the vulnerabilities with publicly known exploit code, 41% were first attacked as zero-days, while of those with no known exploit code, 84% were first attacked as zero-days.
Modus Operandi:
The modus operandi of attacks involving the rapid weaponization of proof-of-concept (PoC) exploits is characterized by the following steps:
- Vulnerability Identification: Threat actors first locate a vulnerability in the software or hardware of a system; this may be a code error, a design flaw, or a configuration error. This is normally achieved using vulnerability scanners and manual test procedures.
- Vulnerability Analysis: After the vulnerability is identified, the attackers study how it operates to determine when and how it can be triggered and what consequences triggering it will have. This means analyzing the details of the PoC code or of the system to find the sequence of actions that leads to exploitation.
- Exploit Code Development: Aware of the weakness, the attackers develop a small program or script, the PoC, that targets exclusively the identified vulnerability and triggers it in a controlled manner. This code is meant to demonstrate a particular impact, such as unauthorized access or alteration of data.
- Public Disclosure and Weaponization: The PoC exploit is released, frequently shortly after the vulnerability has been announced to the public. This makes it easier for attackers to exploit the vulnerability while waiting for the software vendor to release a patch. To illustrate, Cloudflare has spotted an attacker using a PoC-based exploit only 22 minutes after its publication.
- Attack Execution: The attackers then use the weaponized PoC exploit against systems known to be vulnerable to it. Actions attempted in this context include remote code execution, unauthorized access, and so on. The pace at which this happens is often much faster than the pace at which humans put proper security defenses in place, such as WAF rules or software fixes.
- Targeted Operations: Sometimes the activity is a planned operation in which the attackers are selective about the system or organization they attack. For example, exploitation of CVE-2022-47966 in ManageEngine software was used in an espionage campaign, where the attackers used the vulnerability to install tools and malware associated with espionage.
Precautions and Mitigation
The following are mitigating measures against PoC exploits:
1. Fast Patching and New Vulnerability Handling
- Introduce proper patching procedures to quickly apply security updates and address disclosed vulnerabilities.
- Prioritize patching of vulnerabilities for which PoC exploits are publicly available, since these are at risk of being exploited almost immediately.
- Check frequently for new vulnerability disclosures and PoC releases, and have an incident response plan prepared for this purpose.
2. Leverage AI-Powered Security Tools
- Employ intelligent security tools that can rapidly generate protection rules and signatures as attackers ramp up the weaponization of PoC exploits.
- Step up the use of artificial intelligence (AI)-driven endpoint detection and response (EDR) tools to quickly detect and mitigate exploitation attempts.
- Integrate AI-based SIEM tools to detect and analyze indicators of compromise, enabling a faster reaction.
3. Network Segmentation and Hardening
- Use strong network segmentation to prevent attackers from moving laterally across the network and to restrict the effects of successful attacks.
- Secure any services or protocols that are accessible from the internet, such as RDP, CIFS, or Active Directory.
- Limit the usage of native scripting tools as much as possible, because attackers may abuse them.
4. Vulnerability Disclosure and PoC Management
- Inform vendors of bugs and PoC exploits, and make sure there is a common understanding of when they are reported, to ensure fast response and mitigation.
- Incorporate mechanisms such as digital signing and encryption for managing and distributing PoC exploits, to prevent them from being accessed by unauthorized persons.
- PoC exploits should be simple and self-contained, with clear and meaningful variable and function names that help reduce the time spent on triage and remediation.
5. Risk Assessment and Response to Incidents
- Maintain constant monitoring of the environment with the intention of identifying signs of compromise as well as exploitation attempts.
- Support frequent detection, analysis and countering of threats that use PoC exploits against the system and its components.
- Regularly communicate with security researchers and vendors to understand existing threats and how to prevent them.
Conclusion:
The rapid weaponization of Proof-of-Concept (PoC) exploits is one of the most innovative and constantly expanding global threats to cybersecurity at the present moment. Cybersecurity teams must patch quickly, incorporate AI into their security tools, segment their networks efficiently, and always heed vulnerability announcements. A stronger incident response plan would aid in handling these kinds of threats. Hence, by applying the measures mentioned above, organizations will be able to counter the accelerating weaponization of PoC exploits and reduce the probability of damaging cyber attacks.
References
- https://www.mayrhofer.eu.org/post/vulnerability-disclosure-is-positive/
- https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
- https://www.balbix.com/insights/attack-vectors-and-breach-methods/
- https://blog.cloudflare.com/application-security-report-2024-update