| The Record from Recorded Future News
therecord.media
Martin Matishak
February 4th, 2026
The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country’s nuclear program, some of the most sophisticated action Cyber Command has taken to date against Iran.
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes
The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, another sign of America’s growing comfort with employing cyber weapons in warfare.
The strike on a separate military system connected to the nuclear sites at Fordo, Natanz and Isfahan helped to prevent Iran from launching surface-to-air missiles at American warplanes that had entered Iranian airspace, the officials said.
“Military systems often rely on a complex series of components, all working correctly. A vulnerability or weakness at any point can be used to disrupt the entire system,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss sensitive information.
In hitting a so-called “aim point” — a mapped node on a computer network, such as a router, a server or some other peripheral device — U.S. operators, enabled by intelligence from the National Security Agency, bypassed what would have been a more difficult task of breaking into a military system located at one, or all, of the fortified nuclear facilities.
“Going ‘upstream’ can be extraordinarily hard, especially against one of our big four adversaries,” another official said, referring to the quartet of Iran, China, Russia and North Korea.
“You need to find the Achilles heel.”
None of the officials would specify what kind of device was attacked. At the request of sources, Recorded Future News withheld certain details about the cyberattack due to national security concerns.
“U.S. Cyber Command was proud to support Operation Midnight Hammer and is fully equipped to execute the orders of the Commander-in-Chief and the Secretary of War at any time and in any place," a command spokesperson said in a statement, without elaborating.
The digital element of June’s Operation Midnight Hammer, which has not been previously reported, is some of the most sophisticated action Cyber Command has taken against Iran in its nearly 16-year history.
Since being granted authorities to augment its offensive capabilities during the first Trump administration, the command skirmished with the Islamic Revolutionary Guard Corps and Iranian hacker groups in the run-up to the 2020 presidential election and moved against government-aligned malicious actors before they could disrupt the 2022 midterms.
Gen. Dan Caine, the chairman of the Joint Chiefs of Staff, publicly lauded Cyber Command’s contribution during a Pentagon press conference after Midnight Hammer concluded, noting it had supported the “strike package” that saw all three nuclear sites hit in a span of less than a half-hour.
The command received similar kudos last month after it conducted cyber operations that officials say knocked out power to Venezuela's capital and disrupted air defense radar, as well as handheld radios, as part of the mission to capture President Nicolás Maduro.
Cyber Command and others “began layering different effects” on Venezuela as commandos approached in helicopters in order to “create a pathway” for them, Caine said during a press conference at Mar-a-Lago.
Little has been shared about the command’s role in the ouster of Maduro, however. And while lawmakers received classified briefings on both digital operations last month, they are seeking more information about the digital attacks on Iran and Venezuela, hoping some details will eventually be shared with the public.
Venezuela has “been in the news and a lot of discussion about the fact that this was a good example of what happens when you combine all of the joint forces, including cyber operations,” Sen. Mike Rounds (R-SD), the chair of the Senate Armed Services cyber subcommittee, said during a hearing with defense officials last week.
“I understand that this [setting] is unclassified but there's a lot of folks out there that might now have a curiosity about this, and they may very well want to be a part of a team in the future that you're going to have to try to recruit,” he added.
The officials, for their part, declined to offer any fresh details and instead touted the use of cyber capabilities.
“I would tell you not just [Operation] Absolute Resolve [in Venezuela] but Midnight Hammer, in a number of other operations, we've really graduated to the point where we’re treating a cyber capability just like we would a kinetic capability, not sprinkling cyber on,” Army Lt. Gen. William Hartman, the acting chief of the command and the NSA, told the subcommittee.
Air Force Brig. Gen. Ryan Messer, deputy director for global operations on the Joint Staff, noted that Caine has put an “emphasis on not just traditional kinetic effects, but the role non-kinetic effects play in all of our global operations, especially cyber.”
He said that over the last six months, the Joint Staff has developed a “non-kinetic effects cell” that is “designed to integrate, coordinate and synchronize all of our non-kinetics into the planning and then, of course, the execution of any operation globally.”
In military jargon, “non-kinetic effects” are produced through capabilities like cyber tools, while “kinetic” generally refers to striking targets with missiles or by other physical means.
“The reality is that we’ve now pulled cyber operators to the forefront,” Messer said.
Iran and Venezuela suggest the “ideal use cases for cyber operations as enablers of conventional military operations,” according to Erica Lonergan, an adjunct fellow at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.
“Altogether, both of these operations reflect the routinization of the use of cyber capabilities during military operations, and we should expect to see more of these in the future. In my view, this is a good thing, because it suggests we are moving beyond seeing cyber as a unique, exquisite (and dangerous) capability,” said Lonergan, a former director of the congressionally-mandated Cyberspace Solarium.
“I would not generalize from these cases to make inferences about how this might play out in the context of a contingency involving an adversary like China.”
techcrunch.com
Zack Whittaker
7:25 AM PST · February 5, 2026
The ransomware attack at Conduent allowed hackers to steal a "significant number of individuals’ personal information" from the govtech giant's systems. Conduent handles personal and health data of more than 100 million people across America.
A data breach at government technology giant Conduent appears to affect far more people than first disclosed, with the number of victims potentially stretching to dozens of millions of people across the United States.
The January 2025 ransomware attack, which knocked out Conduent’s operations for several days, is now known to affect at least 15.4 million people in Texas alone, accounting for about half of the state’s population. Conduent said in October that 4 million people across the state were affected.
Another 10.5 million people are affected across Oregon, per the state’s attorney general.
Conduent has also notified hundreds of thousands of people across Delaware, Massachusetts, New Hampshire, and other states, according to data breach notifications seen by TechCrunch.
The stolen data includes individuals’ names, Social Security numbers, medical data, and health insurance information.
One of the largest government contractors today, Conduent handles and processes large amounts of personal and sensitive information on behalf of large corporations, government departments, and several U.S. states. The company says its technology and operational support services reach more than 100 million people in the United States across various government healthcare programs.
When contacted with several questions about the data breach, Conduent spokesperson Sean Collins provided a boilerplate statement that did not address the questions, nor did they answer if Conduent knows how many individuals are affected by the cyberattack. The spokesperson would not say if the breach affects more than 100 million people.
Collins said that the company has been working to “conduct a detailed analysis of the affected files to identify the personal information” taken in the breach but would not say how many data breach notifications the company has sent out to date.
Little else is known about the breach, and the company has disclosed few details. Conduent disclosed the cyberattack in April, months after hackers knocked out the company’s systems, which resulted in outages to government services across the United States.
The Safeway ransomware gang took credit for the breach, claiming to have stolen over 8 terabytes of data.
In a later SEC filing, the company said that the stolen datasets “contained a significant number of individuals’ personal information associated with our clients’ end-users,” referring to its corporate and government customers.
Conduent also said it is continuing to notify individuals whose data was stolen in the breach, and plans to conclude alerting individuals by early 2026. The company did not give a more specific timeline.
