“Tavajoh! Tavajoh! Tavajoh!” a man’s voice announces, before going on to narrate a string of numbers in no apparent order, slowly and rhythmically. After nearly two hours, the calls of “Attention!” in Persian stop, only to resume again hours later.

The broadcast has been playing twice a day on a shortwave frequency since the start of the US-Israel attack on Iran on February 28.

According to Priyom, an organization which tracks and analyses global military and intelligence use of shortwave radio, using established radio-location techniques, the broadcast was first heard as the US bombing of Iran began. It has since played on the 7910 kHz shortwave frequency like clockwork—at 02.00 UTC and again at 18.00 UTC.

Over the weekend, Priyom said it had identified the likely origin of the broadcast. Using multilateration and triangulation techniques, the group traced the signal to a shortwave transmission facility inside a US military base in Böblingen, southwest of Stuttgart, Germany.

The site lies within a restricted training area between Panzer Kaserne and Patch Barracks, with technical operations possibly linked to the US army’s 52nd Strategic Signal Battalion, headquartered nearby.

That identification narrows the field, but it does not reveal who is behind the transmissions or who they are meant for.

The two-hour-long transmission is divided into five to six segments, each lasting up to 20 minutes. Each opens with “Tavajoh!” before shifting into a string of numbers in Persian, sometimes punctuated with an English word or two. Five days into the broadcast, radio jammers were heard attempting to block the frequency. The following day, the transmission shifted to a different frequency—7842 kHz.

Radio communication experts believe the broadcast is likely part of a Cold War–era system known as number stations.

The Return of the Numbers

Number stations are shortwave radio broadcasts that play strings of numbers or codes that sound random—like the one now heard in Iran. “It is an encrypted radio message used by foreign intelligence services, often as part of a complex operation by intelligence agencies and militaries,” says Maris Goldmanis, a Latvian historian and avid numbers stations researcher.

Number stations are most commonly associated with espionage. “For intelligence agencies, it is important to communicate with their spies to gather intelligence,” says John Sipher, a former US intelligence officer who served 28 years in the CIA’s National Clandestine Service. “This is not always possible in person due to political constraints or conflict. This is where number stations come in.”

While the use of number stations can be traced back to the First World War, they gained prominence during the US-Soviet Cold War. As espionage grew more sophisticated, governments used automated voice transmissions of coded numbers to communicate with agents, Goldmanis says. Citing declassified KGB and CIA documents, he adds that number stations were widely used during this period, often as Morse code transmissions and, in many cases, as two-way communications, with agents reporting back using their own shortwave transmitters.

“Nowadays, you have various satellite and encrypted communications technologies,” Sipher says. “But during the Cold War and even before that, governments had to find ways to do this without being noticed, and broadcasting coded messages was one way to communicate with your assets discreetly.”

The apparent randomness of the numbers means they can be understood only with a codebook, Sipher adds. “Nobody can make heads or tails of it or understand what it says unless you have the codebook that can give you hints to decrypt the code,” he says, noting that such systems must be set up and coordinated in advance.

A Signal Without a Sender

While the likely origin of the signal may now be clearer, its purpose and intended recipient remain unknown.

Because the broadcasts are encrypted and designed to be covert, those details may remain unclear for years, Goldmanis says. The structured nature of the transmission—its fixed schedule and consistent use of frequencies—further suggests it is part of a planned operation.

The Irish government has released a National Strategy on the Resilience of Critical Entities, a comprehensive framework designed to protect essential public services – including digital and web infrastructure and datacentres – and critical national infrastructure (CNI) from cyber attacks and other disruptions.

Owned by Ireland’s Department of Defence (An Roinn Cosanta) and Office of Emergency Planning, the document sets out an overarching vision and a set of strategic objectives aimed at strengthening resilience across Ireland.

It was devised to comply with the European Union’s (EU’s) Critical Entities Resilience (CER) Directive, which obliges Member States to take specific measures to ensure essential services for economic and social functions are protected. The provisions laid down in CER are to be transferred into national law across the EU by the middle of October 2026.

“A resilient society is essential for our national security, as well as our economic and social well-being,” said Helen McEntee, Ireland’s minister for defence.

“This resilience relies on the continuous availability of a wide range of essential services including the water we drink, the food we eat, the energy that lights and heats our homes, the transport we depend on, and the health services that keep us healthy. Certain entities that provide these services are vital to the functioning of our society and are therefore classified as critical.

“These Critical Entities are significant, and they are increasingly interconnected and interdependent,” she said. “Many of them are provided by private industry in partnership with the State. While the resilience of critical infrastructure has always been part of our emergency strategy in Ireland, we now recognise the need for a more strategic approach to enhance this area.”

At the core of the strategy lie five strategic goals: to enhance the national risk assessment methodology to identify essential services; to embed a governance and coordination framework for critical entity resilience; to drive appropriate improvements in the resilience of critical entities; to enhance the Department of Defence’s strategic oversight of critical infrastructure dependencies across all sectors; and to ensure consistency with cyber security, maintaining an approach to resilience that aligns with Ireland’s national cyber objectives, and its obligations under EU laws such as NIS 2, Dora and so on.

Dublin hopes that besides improving public service resilience based on a better understanding of the risks such bodies face, the framework will also ensure a national and sector-wide perspective on risk, and support critical entities in meeting their obligations.

People across Ireland experienced the devastation of a successful cyber attack on an essential public service in May 2021, when the Health Service Executive (HSE) infamously fell victim to a Conti ransomware attack causing significant disruption.

The incident forced frontline clinical staff to fall back on pen and paper amid cancelled appointments and, significantly, downed Ireland’s Covid-19 testing referral system.

It took months for Ireland’s health system to recover, with millions of Euros spent on response and remediation efforts.