The Record from Recorded Future News
therecord.media
Martin Matishak
February 4th, 2026
The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country’s nuclear program, some of the most sophisticated action Cyber Command has taken to date against Iran.
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes
The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, another sign of America’s growing comfort with employing cyber weapons in warfare.
The strike on a separate military system connected to the nuclear sites at Fordo, Natanz and Isfahan helped to prevent Iran from launching surface-to-air missiles at American warplanes that had entered Iranian airspace, the officials said.
“Military systems often rely on a complex series of components, all working correctly. A vulnerability or weakness at any point can be used to disrupt the entire system,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss sensitive information.
In hitting a so-called “aim point” — a mapped node on a computer network, such as a router, a server or some other peripheral device — U.S. operators, enabled by intelligence from the National Security Agency, bypassed what would have been a more difficult task of breaking into a military system located at one, or all, of the fortified nuclear facilities.
“Going ‘upstream’ can be extraordinarily hard, especially against one of our big four adversaries,” another official said, referring to the quartet of Iran, China, Russia and North Korea.
“You need to find the Achilles heel.”
None of the officials would specify what kind of device was attacked. At the request of sources, Recorded Future News withheld certain details about the cyberattack due to national security concerns.
“U.S. Cyber Command was proud to support Operation Midnight Hammer and is fully equipped to execute the orders of the Commander-in-Chief and the Secretary of War at any time and in any place,” a command spokesperson said in a statement, without elaborating.
The digital element of June’s Operation Midnight Hammer, which has not been previously reported, is some of the most sophisticated action Cyber Command has taken against Iran in its nearly 16-year history.
Since being granted authorities to augment its offensive capabilities during the first Trump administration, the command skirmished with the Islamic Revolutionary Guard Corps and Iranian hacker groups in the run-up to the 2020 presidential election and moved against government-aligned malicious actors before they could disrupt the 2022 midterms.
Gen. Dan Caine, the chairman of the Joint Chiefs of Staff, publicly lauded Cyber Command’s contribution during a Pentagon press conference after Midnight Hammer concluded, noting it had supported the “strike package” that saw all three nuclear sites hit in a span of less than a half-hour.
The command received similar kudos last month after it conducted cyber operations that officials say knocked out power to Venezuela's capital and disrupted air defense radar, as well as handheld radios, as part of the mission to capture President Nicolás Maduro.
Cyber Command and others “began layering different effects” on Venezuela as commandos approached in helicopters in order to “create a pathway” for them, Caine said during a press conference at Mar-a-Lago.
Little has been shared about the command’s role in the ouster of Maduro, however. And while lawmakers received classified briefings on both digital operations last month, they are seeking more information about the digital attacks on Iran and Venezuela, hoping some details will eventually be shared with the public.
Venezuela has “been in the news and a lot of discussion about the fact that this was a good example of what happens when you combine all of the joint forces, including cyber operations,” Sen. Mike Rounds (R-SD), the chair of the Senate Armed Services cyber subcommittee, said during a hearing with defense officials last week.
“I understand that this [setting] is unclassified but there's a lot of folks out there that might now have a curiosity about this, and they may very well want to be a part of a team in the future that you're going to have to try to recruit,” he added.
The officials, for their part, declined to offer any fresh details and instead touted the use of cyber capabilities.
“I would tell you not just [Operation] Absolute Resolve [in Venezuela] but Midnight Hammer, in a number of other operations, we've really graduated to the point where we’re treating a cyber capability just like we would a kinetic capability, not sprinkling cyber on,” Army Lt. Gen. William Hartman, the acting chief of the command and the NSA, told the subcommittee.
Air Force Brig. Gen. Ryan Messer, deputy director for global operations on the Joint Staff, noted that Caine has put an “emphasis on not just traditional kinetic effects, but the role non-kinetic effects play in all of our global operations, especially cyber.”
He said that over the last six months, the Joint Staff has developed a “non-kinetic effects cell” that is “designed to integrate, coordinate and synchronize all of our non-kinetics into the planning and then, of course, the execution of any operation globally.”
In military jargon, “non-kinetic effects” are produced through capabilities like cyber tools, while “kinetic” generally refers to striking targets with missiles or by other physical means.
“The reality is that we’ve now pulled cyber operators to the forefront,” Messer said.
Iran and Venezuela suggest the “ideal use cases for cyber operations as enablers of conventional military operations,” according to Erica Lonergan, an adjunct fellow at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.
“Altogether, both of these operations reflect the routinization of the use of cyber capabilities during military operations, and we should expect to see more of these in the future. In my view, this is a good thing, because it suggests we are moving beyond seeing cyber as a unique, exquisite (and dangerous) capability,” said Lonergan, a former director of the congressionally-mandated Cyberspace Solarium.
“I would not generalize from these cases to make inferences about how this might play out in the context of a contingency involving an adversary like China.”
theins.ru
The Insider
2 October 2025 23:03
The hacker collective Black Mirror has released the first portion of an archive of documents from the Russian state defense corporation Rostec. The tranche contains more than 300 items. The materials detail Russia’s military and technical cooperation with foreign clients, pricing for military items, and logistics schemes aimed at evading sanctions. The published documents also include internal correspondence, presentations on overseas helicopter service centers, and agreements with international partners.
The files show that Russian companies have faced difficulties receiving payments for contracts with Algeria, Egypt, China, and India. Russian banks have been unable to issue guarantees or conduct transactions through the SWIFT system, forcing them to search for alternative settlement schemes in yuan, rubles, and euros.
The archive also contains information about an international network of service centers for Russian helicopter equipment. The documents describe existing and planned maintenance facilities in the UAE, Afghanistan, Vietnam, Bulgaria, Kazakhstan, and other countries. Particular attention is paid to the creation of an international regional logistics hub in Dubai, near Al Maktoum Airport, designed as a central node for supplying spare parts and components.
Among the materials is a letter from the Rostec holding company Concern Radio-Electronic Technologies (CRET) on pricing for military products in export contracts. The document proposes a simplified formula for setting wholesale prices, profit margins, transport expenses, and currency risks. It also discusses possible legal changes to allow more flexible use of revenues from military-technical cooperation.
The hackers said this is only the first portion of the Rostec archive, which they are releasing in what they called “fuck off exposure” mode. Black Mirror claims the documents include a list of “reliable trading partners” in several countries. These are said to have been approved by Russia’s Defense Ministry, the FSB, and the Foreign Intelligence Service (SVR) with the aim of reducing the risk of aviation and technical equipment being redirected to Ukraine through third countries.
In August, Telegram blocked Black Mirror’s channel. Attempts to access it displayed a notice that cited doxxing, defamation, and extortion as the reasons behind the ban. The Insider is not aware of the channel extorting money from anyone.
AI firm DeepSeek is aiding China's military and intelligence operations, a senior U.S. official told Reuters, adding that the Chinese tech startup sought to use Southeast Asian shell companies to access high-end semiconductors that cannot be shipped to China under U.S. rules.
The U.S. conclusions reflect a growing conviction in Washington that the capabilities behind the rapid rise of one of China's flagship AI enterprises may have been exaggerated and relied heavily on U.S. technology.
Hangzhou-based DeepSeek sent shockwaves through the technology world in January, saying its artificial intelligence reasoning models were on par with or better than U.S. industry-leading models at a fraction of the cost.
"We understand that DeepSeek has willingly provided and will likely continue to provide support to China's military and intelligence operations," a senior State Department official told Reuters in an interview.
"This effort goes above and beyond open-source access to DeepSeek's AI models," the official said, speaking on condition of anonymity in order to speak about U.S. government information.
The U.S. government's assessment of DeepSeek's activities and links to the Chinese government have not been previously reported and come amid a wide-scale U.S.-China trade war.
Millions of Americans have downloaded apps that secretly route their internet traffic through Chinese companies, according to an investigation by the Tech Transparency Project (TTP), including several that were recently owned by a sanctioned firm with links to China’s military.
TTP’s investigation found that one in five of the top 100 free virtual private networks in the U.S. App Store during 2024 were surreptitiously owned by Chinese companies, which are obliged to hand over their users’ browsing data to the Chinese government under the country’s national security laws. Several of the apps traced back to Qihoo 360, a firm declared by the Defense Department to be a “Chinese Military Company.” Qihoo did not respond to questions about its app-related holdings.
The UK Ministry of Defense said a breach at a third-party payroll system exposed as many as 272,000 armed forces personnel and veterans.
Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers.
Hackers infiltrated the Mexican Defense Ministry, publishing millions of emails that detail the military’s growing influence over the civilian government.