Iran doesn’t need to fire missiles to be dangerous. It already sees the UK as a threat. And it’s acting accordingly.
That’s the clear warning from Parliament’s Intelligence and Security Committee in its July 2025 report. Drawing on classified material, the report exposes Iran’s deep-rooted hostility to the West, and how that ideology is driving a wide range of hostile activity against the UK.
From targeted cyber attacks and online espionage to physical threats against dissidents and journalists living in Britain, the Iranian regime is playing a long game. One shaped by survival instinct, historic grievances, and a willingness to partner with adversaries like Russia and China when it suits its goals.
“The enemy of my enemy is my friend.”
A Revolutionary State with a Defensive Mindset
At the heart of Iran’s strategy is regime survival. The Islamic Republic, born of the 1979 revolution, sees itself as under siege. This worldview (paranoid, defiant, and fiercely self-reliant) shapes all its actions.
The UK features on Iran’s adversary list, just behind the US, Israel, and Saudi Arabia. The regime’s aims are clear: reduce the UK’s military footprint in the region, weaken alliances with Washington and Tel Aviv, and silence criticism of Tehran from within the UK’s borders.
According to the report, Iran believes that only asymmetric power will keep it safe. That means proxy networks, offensive cyber capabilities, and deniable operations. Iran wants influence, but without inviting direct conflict on its own soil.
A Ferociously Funded Intelligence Machine
For a country of its size, Iran punches far above its weight in espionage.
Its intelligence services, including the Ministry of Intelligence and Security (MOIS) and the Islamic Revolutionary Guard Corps (IRGC), are well-funded, aggressive, and difficult to predict. There’s also a worrying level of tension between agencies, which the report says creates volatility in their operations.
The UK is already under pressure. The espionage threat (once Iran’s primary lever against Britain) now competes with an escalating risk of physical attacks. MI5 warned that dissidents living in the UK face a level of threat comparable to that posed by Russia.
At least 15 plots to kidnap or assassinate individuals in the UK have been uncovered since 2022. These aren’t just intelligence operations. They’re acts of foreign policy, carried out in quiet corners of London and Manchester.
Cyber: A Weapon of Choice
Iran is described as a “capable and aggressive cyber actor.” It prefers deniable digital strikes to overt military action, and it’s getting better at them.
While the UK hasn’t yet become Iran’s top cyber target, the report warns that could change quickly. Cyber operations have already targeted energy, telecoms, and government infrastructure in other regions. The skills are there. The intent, too.
These campaigns serve multiple goals: stealing secrets, disrupting systems, and intimidating dissidents. The cyber domain also allows Iran to bypass physical borders and legal constraints, giving it a powerful tool for indirect warfare.
Iran’s cyber spying operations are directly related to its strategic interests. It targets Iranian media outside the country, diaspora officials, and Western institutions involved in nuclear negotiations or regional diplomacy. The signal is clear: there is a price for criticism.
Threats at Home and Abroad
Iran’s hostility plays out not just in cyberspace but in real life, on British streets.
The Committee found that Iranian officials do not view attacks on individuals in the UK as attacks on the UK itself. Dissidents are seen as internal enemies, even when they’ve fled abroad. When protests erupted inside Iran in 2022, the regime responded by increasing its surveillance and intimidation of critics living in the UK and Europe.
It’s a strategy known as “forward defence.” Rather than fight on home soil, Iran outsources its dirty work. Proxy groups, including Hizbollah, Hamas, and others linked to Al-Qaeda, carry out operations under control of Tehran, in varying degrees.
It provides deniability. It also breeds dangerous ambiguity. When proxies do their own thing, the chances of escalation grow.
Nuclear Intentions: Ambiguous, But Real
The nuclear issue hasn’t gone away. Iran still hasn’t built a weapon, and the report says no formal decision to do so has been made. But Tehran retains the technical capacity to arm quickly if needed, and appears to be holding that option in reserve.
Since the US pulled out of the JCPOA deal in 2018, Iran has stepped up its nuclear activity. The threat has grown, as has its unpredictability.
The Supreme Leader’s thoughts are still unclear. One of his officials believes that Iran is seeking to have “nuclear ambiguity”, enough to deter but not enough to invite. But the line is razor-thin. And one wrong move in the Gulf or in a diplomatic corridor could tip the scales.
A Threat That Won’t Sit Still
Iran’s threat profile is different from that of Russia or China. It’s narrower. More opportunistic. Less predictable.
But that doesn’t make it any less dangerous.
The report stresses that Iran is a rational actor, but one that can escalate sharply with little warning. It’s flexible, pragmatic, and willing to take risks. It views partnerships with China and Russia through a transactional lens. If it serves Tehran’s interests, the handshake happens, ideology notwithstanding.
In recent years, Iran has provided material and diplomatic support to Russia’s war in Ukraine. This reflects a wider pattern: Iran doesn’t need to like its allies. It just needs to see value in them.
Time for a Coherent UK Response
The Committee raises questions about Britain’s own posture. Is the UK merely reacting to events, or shaping them? Are departments aligned? Are threats being tracked across borders and sectors?
The report calls for a long-term, joined-up approach to deterrence. More investment in intelligence.
Stronger public attribution of cyber incidents. Better protection for exiles and dissidents.
Because Iran is not going away. Its methods are evolving. Its reach is growing. And the quiet war, online, on airwaves, and on pavements, is already here.
No Surprises Here
Graeme Stewart, head of public sector at Check Point said, “This report won’t come as a shock to those of us tracking Iranian hackers. They’re among the most aggressive and unpredictable players in the cyber world; skilled, well-resourced, and increasingly emboldened. In moments of geopolitical tension, they move quickly. Right now, with Iran under pressure and the West in their sights, the conditions are perfect for an escalation in digital aggression.
“But it’s not just the state-aligned groups we’re watching. There’s also a surge in politically motivated hackers and financially driven gangs operating from or with links to Iran. Some act as proxies. Others simply use the noise as cover.
“The likely targets? Critical infrastructure, banking, public services; anywhere they can cause disruption, confusion, or extract value. Iranian hackers don’t just push boundaries. They erase them.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.