December 3rd, 2025.
IRGC Intelligence Headquarters, Tehran.
3:48 in the morning.
Simurgh had been operational for 14 months.
Iran’s AI surveillance network monitored 6 million faces across Tehran’s camera grid in real time, cross-referencing camera footage, bank transactions, and GPS data, hunting the behavioral signatures that every foreign agent leaves behind without knowing it.
>> >> Iran’s counterintelligence had failed to catch a single Israeli operative for a decade.
The machine had caught 19 in 14 months and forced Unit 8200 to evacuate every field asset from the country.
At 3:48, Simurgh issued a red protocol alert.
Confirmed enemy agent.
The name on the screen was General Mohammad Reza, commander of IRGC Cyber Command, the man who had spent 3 years and $400 million building Simurgh and personally trained it on classified files detailing every known Israeli intelligence method.
>> The operation had no name in any intelligence manual.
Mossad had not breached the system.
They had poisoned it, carefully, patiently, from the outside.
How do you bring down the most advanced spy network in Iranian history from a warehouse in Europe? How do you start a civil war inside an intelligence agency without firing a single shot? And what do you do when the system you built to catch spies decides you are one? The answer begins 14 months earlier with a single cooling controller in a shipment of 10.
Stories like this one don’t make headlines.
They surface years later in leaks and court documents and intelligence reviews.
Subscribe for a new one every week.
Operations built not on force, but on patience.
October 2024 Unit 8200 headquarters, Tel Aviv.
The procurement document had been posted on a European industrial supply platform in late September.
14 pages.
Industrial cooling controllers for high-density server environments.
The buyer was listed as Kaveh Industrial Solutions, a Tehran-based infrastructure firm registered in 2019.
The specifications were the problem.
The units needed to sustain continuous loads above 90 kilowatts, run without scheduled maintenance for 18 months, and operate within a temperature variance of less than 1° C.
That profile did not match a commercial data center.
It matched a facility running at maximum capacity around the clock >> >> in an environment where outside maintenance personnel were not permitted.
Unit 8200’s procurement intelligence team flagged it on a Wednesday.
By Friday, three analysts had mapped Kaveh Industrial Solutions through four shell companies back to a procurement subsidiary of IRGC Cyber Command.
The man who read their report was called Drawer inside the building.
He ran the Iran technical operations desk.
He had been running it for 11 years, and he had learned to pay attention to what Iran’s military bought almost as much as to what it built.
Drawer pulled the Simurgh facility schematic from his drawer.
The document had arrived eight weeks earlier through a contact inside the Iranian Defense Ministry.
A contact who had gone dark the following week.
The schematic showed a five-level underground structure on the eastern edge of Tehran.
Server halls on levels three and four.
A cooling infrastructure running the full length of both floors, and no external network connection anywhere in the diagram.
An air gap.
No internet.
No remote access.
The only way in was physical.
Before the schematic, there had been a folder.
Drawer kept it in the second drawer under the procurement files.
Inside, 11 contact termination reports.
Each one stamped in red.
The first was dated 10 months ago.
An asset at a Tehran university arrested at a checkpoint with a cover that had taken 2 years to build.
>> >> The next nine followed at intervals of 3 to 8 weeks.
Each from a different city, different cover, different network.
Iran’s counterintelligence apparatus improving steadily for 2 years.
Then, the 11th, dated 2 weeks ago.
A courier picked up within 3 hours of his first activation.
Simurgh had been online for 18 days.
The machine had not been guessing.
It had matched the courier’s movement pattern against six separate data points before the man reached the drop point.
Two other assets had been identified and pulled before Iranian security could act on the system’s flags.
The 11 in the folder were the ones who had not made it out in time.
Unit 8200’s analysts had run the projections.
At Simurgh’s demonstrated rate, 18 months before running any human operation inside Iran became effectively impossible.
Drawer had been looking for a way into Simurgh since the first report.
The procurement document was the first opening he had seen.
He called Tamar into the office.
Tamar ran hardware analysis for the unit.
She had spent 4 years at a semiconductor firm before joining 8200, and she understood industrial cooling systems in the specific way that made her useful in exactly this kind of situation.
She came in, sat down, and looked at the procurement document without being told what she was looking at.
She read it once.
>> >> Then she looked at the schematic.
“The controllers run proprietary firmware,” she said.
“Yes.
If we supply them, we write the firmware.
” Drawer nodded.
“The payload needs a trigger,” >> >> Tamara said.
“Something that stays dormant during installation and testing.
” She turned the page in the schematic.
“Temperature.
When the servers hit full operational load, the cooling draw crosses a specific threshold.
We set the activation point there.
Below it, the controller behaves normally.
Above it, the payload initializes.
How long to build it?” “The hardware modifications, six weeks.
The payload itself depends on what you need it to do once it is inside.
” Drawer placed a second document on the desk.
A technical summary of Simurgh’s neural architecture, partial, reconstructed from intercepts and a single source report, but enough to understand the structure.
“We need it to change how the network thinks,” he said.
“Not destroy it.
Not shut it down.
Change it.
” Tamara looked at the document for a long time.
“You want to retrain a closed neural network from inside a cooling unit?” “We want it to believe certain people are threats.
Specific people.
People it already knows.
” Tamara picked up the procurement document again.
The deadline for supplier responses was three weeks away.
The controllers needed to be manufactured, modified, tested, and shipped through a chain of at least two intermediary distributors before they reached Tehran.
“22 weeks,” she said.
“If nothing breaks.
” That same month, at Parchin 4 in Tehran, the system he was planning to destroy had just come online for the first time.
Dr.
Saeed Vahidi had the key card in his left jacket pocket.
He had been carrying it there since that morning, the way a person is careful with something that represents 3 years of their life.
The card was matte gray metal, the size of a standard access pass.
Engraved along the bottom edge in small numerals, P4.
General Reza had handed it to him at a ceremony that lasted 4 minutes.
There was no speech.
Reza had looked at him and said, “The first one in.
” Then he had clapped Vahedi once on the shoulder, turned away, and immediately taken a phone call.
He was still talking when Vahedi walked into the hall.
The server hall on level 3 was 22 m long.
The racks ran in four parallel rows.
The cooling units, 47 of them, ran along the ceiling and the east wall.
The temperature inside was held at 18° C.
Vahedi could see his breath.
He walked the length of the hall alone.
The rest of the team waited at the entrance.
Behind him, through the open door, he could hear Reza on the phone in the corridor, running through a final security checklist with someone at the ministry.
Vahedi stopped at the main interface terminal and inserted the key card.
The screen came on.
The initialization sequence ran for 31 seconds.
Then the display showed a single line of text, “Simurgh online.
” He stood there in the cold.
Then he typed the first command.
The system responded in 212 milliseconds.
Vahedi noted the time in the logbook he kept in his coat pocket.
A paper logbook, because Reza had insisted that the first operational record be handwritten.
“Old habit,” Reza had said.
“New machine, old habit.
” Vahedi wrote the time, the date, and the response latency.
He closed the logbook.
He put it back in his pocket next to the key card.
November 2024, Zug, Switzerland.
The company was called Meridian Cooling Systems AG, >> >> registered on the 1st of November.
Two employees on paper.
A leased office on the third floor of a commercial building near the railway station.
A phone line and a website listing three industrial product lines.
The website had been live for 11 days before the Kaveh Industrial Solutions tender closed.
Meridian >> >> submitted the lowest bid.
It won on the 12th of November.
Six weeks to manufacture.
The controllers were built at a facility in northern Germany under a subcontract placed with a legitimate industrial supplier.
Nine of the 10 units were unmodified.
Unit seven carried to Mars firmware.
The modification added 437 lines of code to a package that ran to just under 200,000 lines total.
Below 63° C, normal operation.
Above 63°, Hydro 7 would initialize.
The shipment left Hamburg on the 3rd of January 2025.
It cleared Iranian customs at Bandar Abbas on the 19th.
The customs officer on duty that morning opened two of the 10 crates, checked the serial numbers against the manifest, and waved the shipment through.
Unit seven was in crate four.
He did not open crate four.
The shipment reached Tehran on the 22nd, transferred through a government logistics contractor to a staging facility on the eastern edge of the city.
On the 27th of January, the 10 controllers were delivered to Parchin four.
Installation took three days.
The facility’s own maintenance crew did the work supervised by one of Vahedi’s junior engineers.
Unit seven was mounted on the east wall of level three, third position from the left.
31 cm from the primary server rack.
The installation report was signed on the 30th of January.
Vahedi countersigned it without reading the technical annex, February 9th, 2025, Tehran.
The behavioral poisoning operation had a designated start date.
The Kidon team had spent three weeks beforehand mapping the daily routines of six senior IRGC officers, their commute routes, their habitual stops, the camera coverage along each stretch of road.
The work required precision above everything else.
Simurgh built threat profiles through accumulation.
A single anomalous data point meant nothing.
A face that appeared within 50 m of three separate behavioral anomalies, an irregular cash withdrawal, an unregistered vehicle, a route that intersected a known surveillance dead zone across four separate occasions within 21 days.
That, the machine weighted differently.
It did not conclude anything.
It adjusted the probability distribution.
The Kidon team’s task was to manufacture those adjustments around the wrong faces.
Four operatives, six targets.
Rotating cover identities every nine days, an operative would spend a morning on foot in a specific district placing himself within camera range for target officers routine at the same hour on three consecutive days.
Not following, not interacting, simply in the same frame at the same time on routes that Simurgh would register as statistically adjacent to anomalous behavior.
One of the operatives, working under the cover identity of a Lebanese textile importer, spent the first 2 weeks of February on foot in the Vanak district.
His target was Brigadier General Hussein Moradi, Deputy Director of IRGC Signals Intelligence.
Moradi drove the same route every morning.
South on Vali-e Asr, left on Shahid Chamran, a brief stop at a bakery on the corner of Shariati.
The operative was at that corner every morning at 7:40, buying bread.
He made two cash withdrawals from an ATM three blocks north on alternating Tuesdays.
He parked the same rented car in a side street that Simurgh’s models associated with courier activity from a previous unrelated case.
Four weeks in, Simurgh had logged the operative’s face in the same frame as Moradi’s on 11 separate occasions.
Two passes per target per day, morning and evening.
8 hours on the street.
Measurable signal had begun to accumulate in Simurgh’s internal waiting index.
March 4, 2025.
Parchin 4, Tehran.
The Heedeb reviewed the weekly performance report the same way every Tuesday.
Coffee on the desk, terminal screen angled slightly away from the ceiling light.
Flagging rates, confidence distributions, standard deviation on the threat waiting index, all within normal parameters, except for one column.
The threat association index for a subset of known safe personnel had moved upward by 0.
3% from the launch baseline.
The Heedeb had worked with continuously learning systems long enough to recognize statistical drift.
Any model updating itself on live data accumulated small deviations over time.
The real world generated noise.
0.
3% sat well within the expected tolerance band.
He logged it as routine drift and closed the report.
March 14th, 2025, Tel Aviv.
Drawer received the Kidon team’s first progress report at 9:00 in the morning.
Simurg’s threat waiting for three of the six target officers had shifted between .
2 and .
6%.
>> >> At the current trajectory, the model would need 8 to 10 additional months to reach red protocol threshold on any single target.
Eight months was a problem.
The controllers had been inside Parchin 4 for 6 weeks.
Each additional month of Kidon presence on Tehran streets extended the operational footprint.
More passes, more cover rotations, more days on which something could go wrong.
And Hydra 7 had not yet activated.
The servers at Parchin 4 were still running at partial load while the facility completed its expansion to full operational capacity.
The 63° threshold had not been crossed.
Drawer opened the operation timeline on his desk and looked at the projected activation date for the servers.
Three weeks out if the expansion schedule held.
He moved a finger along the paper to the projected red protocol date at the current pace of behavioral poisoning.
The gap between the two dates was eight months.
He called the team lead on a secure line that afternoon.
Double the daily rotation.
Four passes per target instead of two.
That puts our people in front of those cameras twice as often, the team lead said.
Yes.
Simurg will start accumulating data on the operatives.
It will accumulate data on faces it cannot identify, Drawer said.
Unknown faces near anomalous patterns are weighted differently than known faces.
We are not in the system.
Unrecognized data gets filed as background noise.
For now, for long enough.
begin the new schedule Monday.
>> >> He ended the call and looked at the progress report again.
.
6% on the highest-rated target.
Eight months at the old pace.
Four months at the new one if nothing went wrong on the street.
Two weeks later, Vahidi ran the Tuesday report.
The drift column had moved again, .
7% up from .
3.
.
3 could be noise.
.
7 two weeks later was a trend.
He pulled up the historical data going back to the system’s launch, five months of records.
The index had never moved more than .
1% between consecutive weekly reports.
It had moved .
4 in two weeks.
Vahidi opened a new query window and requested the raw behavioral log data underlying the index.
The system returned a prompt, “Dual authorization required.
” His credentials plus a second-tier sign-off from a division chief or above.
He closed the window.
He would bring it to Reza at the weekly briefing.
Six days.
In Tel Aviv, Drawers’ analysts had placed a number on a different problem.
At four passes per day with the current camera coverage in the target districts, Simurgh would begin generating consistent behavioral profiles on the key drone operatives within six to eight weeks.
Not identifications, a growing cluster of unresolved anomalies attached to the same unrecognized faces.
The kind of file a human analyst might decide to examine on a slow afternoon.
Six to eight weeks before the machine started building a picture of the people trying to poison it.
Vahidi had six days before his briefing with Reza.
In those same six days, the servers on level three were scheduled to reach full operational capacity for the first time.
What happened if the Heady decided not to wait? The Heady brought the anomaly to Reza at the weekly briefing six days later.
Reza looked at the chart for 2 minutes and told him to recalibrate the baseline parameters.
April 7th, 2025.
Parchin 4, level 3, 11:43 in the evening.
The facility’s expansion to full operational capacity had been completed the previous day, 2 weeks behind the original schedule due to a power supply issue in the north corridor.
The two additional server racks came online at 9:00 in the morning.
By 6:00 in the evening, Parchin 4 was running at maximum load for the first time.
The cooling draw on the east wall climbed through the afternoon.
56° at 4:00, 59 by 7:00.
The night maintenance technician, a young conscript named Rostami, began his 11:00 round at 11:38.
He walked the length of level 3 with a clipboard, noting the temperature readings from each cooling unit in sequence.
Unit 5, 61.
8.
Unit 6, 62.
1.
Unit 7, 63.
2.
He wrote the number down, checked it against the acceptable range printed at the top of his form, up to 65° at full operational load, and moved to unit 8.
He finished the round at 11:49.
He signed the form and left the level.
At 11:43, while Rostami was writing 63.
2 on his clipboard, the sensor on unit 7 crossed the activation threshold.
The initialization sequence ran in 11 milliseconds.
No indicator light changed.
No log entry was created.
No variation appeared in the controller’s output data.
47 lines of activation code executed silently and then Hydra 7 was running.
The first adjustment it made to Simurgh’s neural network was .
03%.
A single weight value in a single layer of the threat identification module shifted by a fraction invisible to any routine audit.
The behavioral poisoning had spent 8 weeks building statistical associations between a set of IRGC officers and known anomalous behavior patterns.
Hydra 7’s function was to amplify those associations incrementally below the threshold of any single detectable change.
It made one adjustment.
Then it waited for the next thermal cycle.
Then it made another.
June 3, 2025, Parchin 4, Tehran.
The first anomalous alert on an IRGC officer was generated at 4:17 in the afternoon.
Simurgh flagged Lieutenant Colonel Davoud Shikani, head of the Parchin 4 physical security division, with a threat waiting score of 12%.
Low confidence.
The alert was routed automatically to the review queue.
The duty analyst who reviewed it had been working the queue for 3 months.
He pulled the underlying data.
A recurring proximity pattern between Shikani and an unidentified male subject near Shikani’s home district combined with two ATM withdrawals on non-payday dates.
The analyst had been personally checked into the facility by Shikani on his first day of work.
He marked the alert as proximity noise, noted it in the review log, and moved to the next item in the queue.
The alert closed.
The weight value that had generated it >> >> did not change.
June 19, 2025, Tajrish district, Tehran.
8:47 in the evening.
The operative’s cover name was Farhad Amini, textile distributor registered in Yerevan.
He had been working the Tajrish district for 6 weeks, running the evening pass on his assigned target, Colonel Behnam Kazvini, head of IRGC logistics security for the northern Tehran zone.
The route was standard.
North on Vali-e Asr, right at the roundabout, through the covered bazaar section, where two of Simorgh’s primary cameras had overlapping fields of view.
Kazvini’s driver picked him up from the same building entrance every evening at 8:30.
Amini walked past that entrance at 8:45.
The timing placed him in the same camera frame as Kazvini’s vehicle for approximately 40 seconds per pass.
At 8:47, Amini’s earpiece produced a single tone.
One tone meant elevated, two meant aboard.
He counted.
Two tones.
He stopped walking.
He was standing in front of a pharmacy on the east side of the street.
Kazvini’s vehicle had not yet appeared at the building entrance 30 m ahead.
His handler’s voice came through the earpiece 14 seconds later.
Simorgh has you at 68%.
It cross-referenced tonight’s route with a vehicle flagged in a previous operation.
The car was in this district 3 months ago.
You parked two streets from here last Thursday.
It pulled the combination.
68%.
The automated escalation threshold was 70.
At 70% the alert would go to a duty officer for manual review.
The duty officer had the option to elevate to red protocol.
4 minutes to reach 70% at the current accumulation rate, >> >> possibly less.
Amini looked at the pharmacy window, his reflection in the glass.
Behind his reflection, the camera on the far corner of the intersection angled southeast.
He went inside.
The pharmacist was a heavy-set man in his 50s standing behind the counter reading a newspaper.
Amini walked to the counter and in Farsi told him that there was a man outside who had just threatened him with a knife.
He described the man.
Gray jacket, approximately 30 years old, standing near the covered section of the bazaar.
The pharmacist came out from behind the counter.
He opened the pharmacy door and looked out at the street.
Then he went back to his counter and picked up his phone.
The call to emergency services took 40 seconds to connect.
Two police vehicles arrived at the bazaar entrance 11 minutes later, lights running.
The officers requested the district camera control room redirect coverage to the bazaar entrance and the two adjacent streets to assist with incident documentation.
The camera on the far corner of the intersection swung 17° northeast.
The footage in which Amini had been standing in front of the pharmacy was now part of an active police incident file.
The footage was flagged as operationally contaminated in Simurgh’s logging protocol.
Contaminated footage was excluded from behavioral profiling runs.
Simurgh’s threat weighting score for Farhad Amini reset to zero.
Amini waited inside the pharmacy for 20 minutes.
He bought a box of antihistamines.
He left through the back entrance, walked four blocks east, and took a taxi to his hotel.
June 20, 2025, Tel Aviv.
Drawer read the incident report at 6:00 in the morning.
He read it twice.
Then he called the team lead.
“Pull everyone out,” he said.
“Two weeks, full freeze.
” “The weighting on three of the targets is at 41%.
If we stop now, Hydra 7 is running, Droor said.
It will hold what we built.
2 weeks.
He ended the call.
He opened his desk drawer and took out the operation timeline.
The projected Red Protocol date with agents frozen for 2 weeks had shifted.
He wrote the new projected date in the margin.
November.
If everything held.
July 8th, 2025.
Part 10 4, Tehran.
The report arrived on Vahedi’s desk at 11:00 in the morning.
His junior analyst, a careful engineer named Nazari, had spent 2 weeks compiling it without being asked.
The anomaly Vahedi had logged as drift in March had not stopped moving.
The threat association index for a cluster of six known safe personnel had shifted a cumulative 1.
4% from the launch baseline.
Nazari had mapped the movement week The rate was not random.
It was accelerating in a consistent pattern that had no precedent in 9 months of operational data.
Nazari stood at the office door while Vahedi read.
He said nothing.
Vahedi read the report twice.
He looked at the chart on the third page.
9 months of data, the index moving upward in a slope that had no analog in Simurgh’s performance history.
This is not drift, Vahedi said.
No, Nazari said.
Vahedi turned to his terminal and drafted a formal access request for the raw behavioral logs underlying the index.
The request required a second-tier authorization.
He typed Reza’s name into the co-signatory field and submitted it to the general’s office.
Reza was in the first day of a 5-day secure communications exercise at a facility outside Tehran.
His administrative assistant replied within the hour.
The general would review pending requests upon his return.
Five days.
Vahedi printed the report and placed it in his top drawer.
He closed the drawer.
On the east wall of level three, three meters from his desk, unit seven continued to run at 63.
4° C.
July through November 2025.
Drawer brought the ketone team back from the freeze on the 4th of July.
The new rotation was more conservative, three passes per target per week.
Cover identity is cycled every five days.
Hydra seven continued its adjustments.
The threat association scores for the six target officers climbed.
Reza returned from his communications exercise on the 13th of July.
He reviewed Vahedi’s access request two days later, read the Nazari report for four minutes, and told Vahedi the anomaly was consistent with expanded training data from the facility’s first year of expanded operations.
He denied the log access request.
He suggested Vahedi recalibrate the baseline parameters.
Vahedi went back to his office.
He opened the top drawer, put the Nazari report inside, and closed it.
It was the second time he had done exactly that.
By October 1st, Seemerge’s threat association score for General Reza had reached 44%.
By November 1st, 67.
On the 17th of November, it crossed 82.
The escalation protocol required senior duty officer confirmation before red protocol could be issued against any individual with a security clearance above level four.
The duty officer on shift that evening, a lieutenant colonel named Abbasi, who had attended the same military academy as Reza 15 years earlier, looked at the score for 2 minutes.
Then, he approved the escalation.
The system had been right 19 times.
On the 3rd of December at 3:48 in the morning, Simurgh issued a red protocol alert on General Mohammad Reza.
Reza was at his residence asleep.
An internal security team reached him at 4:22 and transported him to IRGC intelligence headquarters, where he was placed in a secure room on the second floor.
He spent the first hour demanding to speak with the director of intelligence.
No one in the room answered him.
December 3, 2025, 5:14 in the morning, Parchin 4.
The Heedi received the call at 4:51.
>> >> He was told to come to the facility immediately and was given no other information.
He dressed and drove through empty streets and arrived at Parchin 4 at 5:14.
The main gate was staffed by four guards instead of the usual one.
Two vehicles he did not recognize were parked inside the outer perimeter.
He was cleared through without his usual badge swipe.
One of the guards checked his face against a printed sheet and waved him forward.
He was crossing the second corridor toward the elevator when he saw Colonel Farzan, head of Parchin 4 operations, being walked in the opposite direction by two men in plain clothes.
Farzan had his hands at his sides.
He was not speaking.
One of the men had a hand on his arm.
The Heedi stopped.
The men did not look at him.
They walked Farzan through the fire door at the end of the corridor, >> >> and the door swung shut.
And the corridor was empty.
The Heedi took the elevator to level two.
The conference room had eight people in it.
Two he recognized, both from IRGC internal security, a division he had never had reason to interact with before that morning.
They told him Simurgh had issued a red protocol alert on General Reza.
They told him the facility was in lockdown and that all access to system level functions required countersignature from the internal security duty officer.
Vahedi asked for access to Simurgh’s behavioral log data.
The internal security officer asked why.
“Because the alert is wrong,” Vahedi said.
The officer wrote something on his notepad.
He told Vahedi he could file a formal objection through the review process.
The review process would begin after the primary investigation was complete.
Vahedi asked how long that would take.
The officer said he could not estimate that.
December 3, 7:41 in the morning.
The shooting happened on the third floor corridor outside Reza’s administrative office.
Reza’s personal aid, a major named Darvishi, who had worked for the general for 9 years, had been in the office when the internal security team arrived to seal the premises.
When the team lead told him the office was being inventoried, Darvishi moved toward the general’s desk.
One of the team members drew his weapon.
A second discharged once into the ceiling.
The sound traveled through the ventilation system.
In the basement monitoring room, a duty technician heard it, looked up from his terminal, and did not move for 6 seconds.
Darvishi was removed from the building 11 minutes later.
The desk was sealed, intact.
December 3, 9:22 in the morning.
Parchin 4.
Vahedi had been in the conference room for 4 hours.
He had written a 12-page technical memorandum explaining step-by-step why the behavioral log data underlying Reza’s red protocol alert was statistically anomalous and inconsistent with genuine operational security violations.
At 9:22 he submitted the memorandum >> >> and attempted to open Simurgh’s diagnostic interface to demonstrate the anomaly directly.
His access credentials were denied.
He tried a secondary login with his supervisor level override.
Denied.
The system prompt read, “Access suspended.
Conflict of interest flag.
Authorization required from internal security division.
” Vahedi stared at the screen.
He picked up his phone and called Nazari.
Nazari did not answer.
He called the facilities main technical desk.
The line rang 11 times.
At 9:31, two members of the internal security team entered the conference room.
One told Vahedi that Simurgh had generated a secondary flag on his credentials at 9:17.
The flag cited repeated access attempts to restricted log data following a red protocol event combined with a prior association pattern with the flagged subject, Vahedi’s co-authorship of Simurgh’s foundational architecture with Reza.
“The system flagged me,” Vahedi said.
“Yes.
I built the system.
” The security officer said nothing.
He placed a form on the table and asked Vahedi to surrender his facility access credentials.
Vahedi reached into his jacket pocket.
He placed the P4 key card on the table.
The security officer picked it up, placed it in a clear evidence bag, and wrote Vahedi’s name on the label with a marker.
Vahedi looked at the bag.
Then he looked at the form >> >> and signed it.
December 3, 10:48 in the morning, Tel Aviv.
Dror had been watching since 4:00 in the morning.
The left monitor showed the Parchin 4 exterior camera, the main gate, the additional guards, the two vehicles in the outer perimeter with their engines off.
The right monitor showed Simurgh’s public-facing incident log, accessible through a read-only feed that Hydra 7 had routed via Parchin 4’s connection to the IRGC’s internal intelligence network.
A closed military intranet, separate from the open internet, to which 8200 maintained passive read access through a dormant asset.
The entries had been generating in real time since 3:48.
Red protocol issued.
Lockdown confirmed at 4:12.
Secondary subject flagged at 9:17.
Between 10:00 and 10:48, four more incident log entries had generated.
Three additional personnel had been flagged for proximity association with Reza and Vahidi.
The investigation was expanding on its own.
He watched the log update.
Investigation expanded.
Secondary subject identified.
He poured coffee from the thermos on his desk.
He did not reach for the phone.
At 10:48, a message arrived from the 8200 technical desk.
A single number.
12.
12 hours.
The estimate for how long an Iranian forensic team, working from Simurgh’s physical architecture documentation, would need to trace the weight adjustment pathway back to unit 7.
At hour 12, they would open the firmware.
They would find Hydra 7.
Dror set his coffee down and picked up the phone.
Would Mossad be able to trigger Hydra 7’s self-destruction before the Iranian forensic team reached unit 7? And what happened to the the operation if they were 60 seconds too late.
December 3, 2025, 11:16 in the morning, Tel Aviv.
Tomar had been at her desk since 4:00 in the morning.
She had been there when the red protocol alert generated at 3:48 Tehran time, and she had been there when the 12-hour estimate arrived at 10:48.
She had spent the intervening hours preparing the self-destruct sequence.
The sequence was built into Hydra 7’s original design.
During installation, the firmware had established a covert maintenance channel inside Unit 7’s control port, the same channel the facility used to send routine temperature commands.
A correctly formatted request sent through that channel would initiate a complete wipe of Hydra 7’s code from the firmware.
The controller would reboot as a standard unmodified unit, 11.
3 seconds start to finish.
Tomar had the command ready.
She had tested it on a copy of the firmware 17 times over 13 months.
The test environment had never failed.
What she needed was for Unit 7 to still be online and connected to Parchin 4’s internal network when she sent it.
Drawer sat at the adjacent desk.
Between them, a thermos of coffee neither of them had touched since dawn.
December 3, hour by hour.
12:00 noon, no change in the facility power feed.
Drawer noted the forensic team had not yet received clearance for physical access to the hardware.
1:00 in the afternoon, clearance request submitted to IRGC internal security command, still pending.
2:00, Parchin 4’s internal security issued a data access freeze across all terminals.
The Hedies’ access had already been suspended.
Now, no one inside the facility could pull system-level data without internal security counter signature.
Three.
External communications cut.
Drawer lost the camera feed for 4 minutes.
It came back through a secondary routing path that ran via the same IRGC internet channel Hydra 7 had opened for the incident log.
3:40.
The clearance request for physical access to level three was still pending.
Tomar ran the self-destruct command in test mode for the 18th time.
It completed in 11.
1 seconds.
Four.
The forensic team received approval.
4:37.
>> >> They were inside level three.
Five.
Tomar had the command window open, cursor at the end of the line.
She was watching the controller’s ping response interval.
Every 12 seconds, unit seven confirmed it was still online.
5:41.
The pings were still coming through.
December 3.
5:41 in the afternoon.
Parchin 4, level three.
The senior forensic engineer was a woman named Dr.
Khorasani, seconded from IRGC cyber division.
She had been briefed on the red protocol alert and on Vahedi’s suspension.
She had not been told what to look for specifically.
That was the nature of a forensic examination.
She stood at the east wall and read the installation report for the cooling units.
10 controllers installed January 27th by facility maintenance crew.
All 10 had passed post-installation diagnostics.
She checked the serial numbers against the manifest.
She checked the manufacturer.
Meridian Cooling Systems AG, Zug, Switzerland.
She typed the name into her secure tablet and submitted a query to IRGC’s commercial registry database.
Then, she moved to the next item on her checklist while the query processed.
The query returned in 4 minutes.
No registration in Iranian commercial records.
No known clients in the region.
Company incorporated on the 1st of November, 2024.
11 days before the Kaveh Industrial Solutions tender closed.
Khorasani read the result twice.
Then, she picked up her radio.
December 3, 6:12 in the evening, Tel Aviv.
Dror was watching the Parchin 4 power output reading when it dropped.
6:12.
40% in 4 seconds.
He looked at Tamar.
“Level 3,” she said.
“They cut power to the server racks.
” The command window was open in front of her.
Unit 7’s controller address typed in, cursor blinking at the end of the line.
“Still online?” Dror asked.
She checked the last ping response from the controller.
Parchin 4’s internal network had been isolated before the main power down.
The last successful ping had come through just over a minute ago.
“No,” >> >> she said.
She closed the command window.
Khorasani’s escalation had taken 4 minutes to reach internal security command.
The command had reviewed her finding for 11 minutes.
Their decision? If the supply chain was potentially compromised, the entire hardware installation had to be treated as hostile.
They ordered an immediate power down and physical removal of all level 3 server hardware.
The servers went offline at 6:12.
When Unit 7 lost power, Hydra 7’s final routine executed automatically.
Tamar had built a cold white protocol into the firmware as a contingency.
If the controller ever lost power while the payload was active, the firmware would overwrite itself with blank data before the capacitor drained, consistent with the manufacturer’s documented fail-safe specification for secure industrial environments.
11 seconds.
The process completed at 6:12 and 11 seconds.
December 4th through January 2026.
The physical servers from Level 3 were transported to a secure facility outside Tehran for independent forensic analysis.
The analysis confirmed supply chain compromise.
The specific mechanism could not be determined.
>> >> The relevant firmware had been wiped before power down.
The investigation concluded that penetration had occurred at an unidentified point in the procurement chain.
Kaveh Industrial Solutions was dissolved.
Three of its directors were detained for questioning.
Meridian Cooling Systems AG had been dissolved four days after the Parchin Ford delivery.
Its registered office cleared out, phone line disconnected, website taken down.
The Swiss commercial registry showed no forwarding address.
The Simurgh project was formally terminated on the 19th of December.
Its database, 14 months of behavioral profiles, 19 confirmed identifications, every weight adjustment and flag the system had ever generated, >> >> was destroyed along with the hardware.
The IRGC’s internal review concluded that any data produced by a potentially compromised system was itself potentially compromised.
On December 20th, one of Khorasani’s junior engineers returned to Level 3 to complete the physical inventory.
The room was empty.
The racks had been removed.
The mounting brackets were still bolted to the walls where the cooling units had been.
He photographed each one, logged the serial positions, and left.
The Heeti was released from internal security detention on the 22nd of December, 19 days after his credentials had been suspended.
The investigation had found no evidence of deliberate wrongdoing on his part.
He was reassigned to a technical advisory position with no system access and no direct reports.
He returned to Parchin 4 on the 23rd to collect his personal items.
The office had been reassigned.
The top drawer of his old desk was empty.
His formal clearance review was scheduled for 6 months later.
General Reza did not appear at the weekly IRGC Cyber Command briefing on December 10th or the 17th or the 24th.
His name remained on the agenda for three consecutive weeks before it was quietly removed.
January 14th, 2026.
IRGC Cyber Command headquarters, Tehran.
The new terminal had been installed the previous week, part of the replacement infrastructure being deployed across IRGC secure facilities as the post-Simurgh security review continued.
A colonel named Yousefi sat down at the terminal at 8:43 in the morning.
Six years in Cyber Command, clearance level five, no prior flags in any system, old or new.
He had work to do.
He had his login credentials on the card in his hand.
He looked at the login screen.
He turned the card over in his hand.
He looked at the screen again.
He put the card back in his pocket and went to get coffee.
He did not come back to the terminal that day.
In Tel Aviv, Draw closed the operation file on January 21st.
He wrote one line in the summary field.
Target system destroyed by target.
He shut the laptop.
