US service members received WhatsApp messages claiming they would be targeted with drones and missiles.

The post Iranian Cyber Group Handala Targets US Troops in Bahrain appeared first on SecurityWeek.

British businesses need to prepare themselves to defend against cyberattacks because the U.K. could be targeted “at scale,” if it became involved in an international conflict.

The post Most Serious Cyberattacks Against the UK Now From Russia, Iran and China, Cyber Chief Says appeared first on SecurityWeek.

Securing national resilience now depends on faster, deeper partnerships with the private sector.

The post Government Can’t Win the Cyber War Without the Private Sector appeared first on SecurityWeek.

Hackers vowed to revive its efforts against America when the time was right — demonstrating how digital warfare has become ingrained in military conflict.

The post Shaky Ceasefire Unlikely to Stop Cyberattacks From Iran-Linked Hackers for Long appeared first on SecurityWeek.

Iran-linked hacking groups are turning to high-volume, low-impact cyberattacks, and AI is providing a boost.

The post Hacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in Warfare appeared first on SecurityWeek.

The group that it was making available for download emails and other documents from Patel’s account.

The post Pro-Iranian Hacking Group Claims Credit for Hack of FBI Director Kash Patel’s Personal Account appeared first on SecurityWeek.

The attacks included a destructive infiltration of Poland's energy system in December and was suspected of originating in Russia.

The post Poland Faced a Surge in Cyberattacks in 2025, Including a Major Assault on the Energy Sector appeared first on SecurityWeek.

The role of Israel’s hijacking of Iran’s street cameras in the killing of the country’s supreme leader underscores how surveillance systems are increasingly being targeted by adversaries in wartime.

The post Iran Built a Vast Camera Network to Control Dissent. Israel Turned It Into a Targeting Tool appeared first on SecurityWeek.

When President Trump referenced America’s ability to “darken” parts of Caracas during Operation Absolute Resolve, the comment stood out not because of what it confirmed, but because of what it implied. Delivered without technical detail, the remark hinted at capabilities that sit somewhere between diplomacy and force, and between cyber operations and traditional military action.

Whether or not the statement reflected a specific technical action in the raid on Venezuela is almost beside the point. What mattered was the signal: cyber-enabled disruption of civilian or economic systems is no longer treated as an abstract possibility, but as a plausible instrument of state power operating below the threshold of open conflict.

This framing aligns with events that preceded any visible kinetic or political resolution. Venezuela’s state-owned oil sector, the backbone of the country’s economy and a primary source of regime revenue, reportedly experienced cyber-related disruptions that affected operations and exports. Attribution remains contested, and no public confirmation has been offered. But the timing and the target were notable. Pressure seemed to be applied not during the confrontation itself, but earlier—targeting the systems that sustain national power.

These developments point toward a more deliberate “gray zone” approach, one that uses cyber interference against economic and civilian infrastructure as part of sustained pressure campaigns rather than isolated, surgical actions.

For a global power operating in an environment of constant competition, this shift may be less radical than it initially appears.

Why the gray zone matters

Gray zone conflict is often framed as a deviation from traditional deterrence. But in practice, it reflects how competition among major powers increasingly unfolds. Rarely does rivalry manifest as declared war. Instead, it plays out through incremental pressure applied across economic, informational, political, and technological domains.

Cyber capabilities are particularly well suited in this space. They allow nation-states to impose friction, degrade confidence, and shape behavior without crossing clear thresholds that would trigger conventional military escalation. Unlike kinetic force, cyber effects can be reversible, deniable, and calibrated over time.

From a technical perspective, this flexibility is not accidental. Modern cyber operations rely less on single exploits and more on persistent access, identity abuse, supply chain dependencies, and detailed mapping of complex systems. These attributes make cyber tools effective not just for disruption, but for long-term leverage.

For years, the United States invested heavily in advanced cyber capabilities while remaining cautious about integrating them openly into broader coercive strategies. This restraint, however, was not universally shared.

Lessons from the Russian model

For more than a decade, U.S. officials criticized Russia’s use of hybrid warfare, particularly its integration of cyber operations, economic pressure, information campaigns, and civilian infrastructure disruption. In Ukraine and elsewhere, civilian impact was not incidental, as it was a key part of the strategy.

From a technical standpoint, Russia demonstrated that persistent interference against power grids, telecommunications networks, healthcare systems, election infrastructure, and government services could impose strategic costs without provoking decisive military retaliation. Even relatively limited actions, such as GPS jamming affecting civilian aviation in the Baltics and Eastern Europe, reinforced the same lesson: disruption does not need to be catastrophic to be effective.

These operations often relied on modest technical effects amplified through operational timing and uncertainty. Intermittent outages, degraded reliability, and ambiguous attribution created pressure on governments and populations without crossing clear red lines.

 Regardless of how Moscow’s objectives are judged, the effectiveness of cyber and electronic interference as tools of statecraft did not go unnoticed. In recent  years, other countries, particularly China and Iran, have steadily expanded these operations and capabilities

How gray zone campaigns operate

From a cyber perspective, gray zone operations rarely resemble single attacks. They unfold as campaigns.

Access is often established years in advance through credential compromise, third-party vendors, or exposed management interfaces. Once inside, operators map dependencies, understand failover mechanisms, and identify points where limited disruption can produce outsized operational impact.

These effects, when applied, are typically restrained. Rather than causing prolonged blackouts or physical damage, campaigns may induce intermittent failures, data integrity concerns, or operational delays that erode confidence and consume resources. The goal is not destruction, but pressure: forcing leaders and operators to operate under uncertainty.

They are also designed to be reversible and deniable. The ability to stop, pause, or modulate disruption is as important as the ability to initiate it. This control allows cyber operations to be synchronized with diplomatic signals, economic sanctions, or other forms of statecraft.

Statecraft in an era of constant competition

The events in Venezuela underscore a broader reality: cyber-enabled pressure is now a standard component of how states pursue political outcomes. It shapes environments well before traditional markers of conflict appear.

The strategic question is no longer whether cyber-enabled economic interference will be used, but how seamlessly it is integrated with other tools. Sanctions, diplomacy, military posture, and cyber operations increasingly function as parts of a single continuum rather than separate domains.

This raises natural questions about where such pressure may be applied next. In the Western Hemisphere, U.S. attention has turned toward Cuba and Colombia. Beyond the region, Iran remains a focal point of coercive strategy, where cyber operations have already been used to strain industrial systems and public confidence without crossing into open conflict.

The point is not to predict specific operations, but to recognize that pressure via cyber operations has moved from the margins of policy into its core.

What this means going forward

For a global power, ignoring gray zone dynamics is increasingly unrealistic. However, embracing them does introduce new forms of risk. Cyber interference below the threshold of war offers flexibility and deniability, but it also creates ambiguity around control, proportionality, and long-term stability.

Escalation in this space rarely arrives as a single dramatic event. Instead, it accumulates through repeated disruptions that gradually blur the line between competition and conflict, often without clear signaling or agreed-upon thresholds.

Managing that risk requires more than technical capability. It demands disciplined judgment, an understanding of complex systems, and an appreciation for how seemingly modest cyber effects can cascade politically and economically.

The gray zone may be unavoidable, but how states operate within it will shape whether it becomes an effective tool of competition, or a source of sustained instability.

Aaron Estes, Vice President at Binary Defense, is a three-time Lockheed Martin Fellow with more than 25 years of experience in cybersecurity and software engineering.  Estes has spent much of his career advancing mission resilience and adaptive defense for the Department of Defense, intelligence community, and leading defense contractors.

The post Is the US adopting the gray zone cyber playbook? appeared first on CyberScoop.

Amazon said the lines between cyberattacks and physical, real-world attacks are blurring quickly — prompting the tech giant to call for a new category of warfare: cyber-enabled kinetic targeting. 

Nation-states have combined and understood how logical systems and the physical world interact for a long time, but more non-traditional attackers are showcasing expertise in using cyberattacks to enable and amplify the impact of kinetic military operations, according to Amazon Threat Intelligence.

“The collective industry and our customers have to really pay attention to this and change the way we’re doing things,” Steve Schmidt, chief security officer at Amazon, told CyberScoop in a phone interview. “Physical and digital security cannot be treated as separate domains with separate domains and approaches.”

Governments traditionally have requirements for actions to occur or access to specific information, and oftentimes those objectives were treated separately. Yet, now when governments want to achieve military objectives, military planners are asking for more precise details about the target, Schmidt said.

While nation-state attackers can compromise networks that contain data identifying those targets, those details are typically generalized. To get more exact information, nation-state attackers are compromising closed-circuit television (CCTV), or security cameras, on the target itself. 

This allows military planners to “see where the [target] is physically and actually do live adjustments of targeting while you have weapons in flight,” Schmidt said.

Amazon provided two case studies as examples of cyber-enabled kinetic targeting in a blog post Wednesday. The most recent attack involves MuddyWater, a threat group linked to Iran’s Ministry of Intelligence and Security, that provisioned a server in May and used that infrastructure a month later to access another compromised server containing live CCTV streams from Jerusalem.

When Iran launched missile attacks on Jerusalem on June 23, Israeli authorities said Iranian forces were using real-time intelligence from compromised security cameras to adjust missile targeting, Amazon said.

Cyber-enabled kinetic targeting employs common tools and tactics that display advanced skills in anonymizing virtual private networks, using their own servers for command-and-control capabilities, compromising enterprise systems such as CCTV systems or maritime platforms, and gaining access to real-time data streams, according to Amazon.

These multi-layered, collaborative attacks require critical infrastructure operators and threat intelligence professionals to expand their remit, Schmidt said. 

“Traditional cybersecurity frameworks treat the digital and the physical threats as really separate domains, but we realized, through our own internal work and our research, of course, that this separation is not only artificial but actually detrimental,” he said. 

“You have to think about these things as integrated wholes, because even physical world assets, like a ship, are really a cyber asset as well. And multiple nation-state threat groups are pioneering a new operational model where cyber reconnaissance directly enables kinetic targeting,” Schmidt added. 

Amazon said this is a warning and call to action for defenders to consider how compromised systems might be used to support physical attacks and recognize that their systems might be valuable targeting aids for kinetic operations. This also demonstrates the need for threat intelligence sharing across the private sector and government to work through more complex attribution response frameworks, the company said. 

Multiple nation-states will increasingly employ cyber-enabled kinetic targeting, CJ Moses, chief information security officer of Amazon Integrated Security, said in the blog post. 

“Nation-state actors are recognizing the force multiplier effect of combining digital reconnaissance with physical attacks,” he said. “This trend represents a fundamental evolution in warfare, where the traditional boundaries between cyber and kinetic operations are dissolving.”

Many seemingly espionage-focused attacks that have already been made public might ultimately be an entry point for kinetic targeting, according to Schmidt. 

Countries that have both advanced cyber capabilities and military strength are most likely to succeed at cyber-enabled kinetic targeting, he said. 

The most prominent threats come from nation-state attackers who are more specialized in their targeting. “The targeting of maritime navigation systems is a relatively unique skill, and it is different from the targeting of a cryptocurrency exchange,” Schmidt said. 

“It takes different knowledge, and so you’re seeing groups pop up onto the radar, which we may not have followed before because there wasn’t that volume of activity.”

The post Amazon warns of global rise in specialized cyber-enabled kinetic targeting appeared first on CyberScoop.