惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

宝玉的分享
宝玉的分享
酷 壳 – CoolShell
酷 壳 – CoolShell
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
S
Security @ Cisco Blogs
小众软件
小众软件
D
Docker
博客园_首页
A
About on SuperTechFans
P
Privacy International News Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
A
Arctic Wolf
Spread Privacy
Spread Privacy
有赞技术团队
有赞技术团队
T
Tailwind CSS Blog
Latest news
Latest news
WordPress大学
WordPress大学
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
The Exploit Database - CXSecurity.com
C
Cybersecurity and Infrastructure Security Agency CISA
大猫的无限游戏
大猫的无限游戏
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
K
Kaspersky official blog
V2EX - 技术
V2EX - 技术
SecWiki News
SecWiki News
U
Unit 42
GbyAI
GbyAI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LINUX DO - 热门话题
S
Security Affairs
Y
Y Combinator Blog
aimingoo的专栏
aimingoo的专栏
Blog — PlanetScale
Blog — PlanetScale
MongoDB | Blog
MongoDB | Blog
博客园 - 【当耐特】
The GitHub Blog
The GitHub Blog
T
Tenable Blog
W
WeLiveSecurity
Cloudbric
Cloudbric
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
G
Google Developers Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
N
Netflix TechBlog - Medium
F
Full Disclosure
N
News and Events Feed by Topic
D
DataBreaches.Net
P
Proofpoint News Feed
B
Blog RSS Feed
B
Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org

The Register - Security: CSO

Anthropic's Mythos has The Kettle crew curious, skeptical 'People's Panel' to check if UK wants controversial Digital ID will cost £630K Top npm package backdoored to drop dirty RAT on dev machines Lightning-fast exploits mean patch fast, says Cisco Talos Lightning-fast exploits mean patch fast, says Cisco Talos Smooth criminals talking their way into cloud environments, Google says Cybercrime up 245% since the start of the Iran war Scattered Lapsus$ Hunters seeks women to defraud helpdesks Every day in every way, passwords are getting worse CISA quietly updated ransomware flags on 59 flaws last year Deepfake job seeker applied to work for an AI security firm Deepfake job seeker applied to work for an AI security firm AI-powered cyberattack kits are 'just a matter of time' AI-powered cyberattack kits are 'just a matter of time' FortiGate SSO bug still exploitable despite December patch FortiGate SSO bug still exploitable despite December patch Judge tosses CrowdStrike shareholder suit over 2024 outage DRAM shortage may drive firewall prices higher: analysts Ransomware attacks kept climbing in 2025 as gangs refused to stay dead Around 1,000 systems compromised in ransomware attack on Romanian water agency 1,000 systems pwned in Romanian Waters ransomware attack Half of exposed React servers remain unpatched amid attacks CISA warns spyware crews are breaking into Signal and WhatsApp accounts FCC guts Salt Typhoon telco rules despite espionage risk CISA orders feds to patch Oracle Identity Manager zero-day SEC drops SolarWinds lawsuit that painted a target on CISOs everywhere SEC bails on SolarWinds lawsuit Palo Alto kit sees massive surge in malicious activity amid mystery traffic flood Palo Alto kit sees massive surge in malicious activity Overconfidence is the new zero-day as teams stumble through cyber simulations UK's Cyber Security and Resilience Bill makes Parliamentary debut Cyber insurers paid out over twice as much for UK ransomware attacks last year Cyberpunks mess with Canada's water, energy, and farm systems Trump's workforce cuts blamed as America's cyber edge dulls Feds flag active exploitation of patched Windows SMB vuln How malware vaccines could stop ransomware's rampage Salesforce refuses to pay ransomware crims' extortion demand Germany slams brakes on EU's Chat Control snoopfest Germany slams brakes on EU's Chat Control snoopfest Employees regularly paste company secrets into ChatGPT Oracle tells Clop-targeted EBS users to apply July patch Red Hat repos raided, claims cybercrew, files stolen Suspected Chinese spies broke into 'numerous' enterprises UK gov acknowledges 'strong case' for JLR financial support JLR extends shutdown – again – as toll on workers laid bare UK chancellor blames cyberattacks on Russia despite evidence Fortra discloses 10/10 severity bug in GoAnywhere MFT Entra ID bug could have granted access to every tenant UEFI Secure Boot for Linux Arm64 – where do we stand? JLR says cyber cleanup to take additional week Insider blamed for FinWise data breach affecting nearly 700K Nork snoops whip up fake military ID with help from ChatGPT UK government dragged for incomplete security reforms Church of England abuse victims exposed by lawyer's email US spy chief claims UK backdown on Apple backdoor demand Workday confirms CRM breach via social engineering Black Hat/DEF CON: AI more useful for defense than hacking Ex-White House cyber guru talks Microsoft security fails CISA releases malware analysis for Sharepoint Server attack China: US spies used Microsoft Exchange 0-day to steal info Security pros drowning in threat-intel data Identity attacks surge 156% as phishermen get craftier Organizations can’t keep up with supply chain security musts Amazon CISO: Iranian hacking crews ‘on high alert’ UK data watchdog fines 23andMe £2.3M over 2023 breach Employers are demanding too much from junior cyber recruits FCA warned four staffers who pocketed regulator data Ransomware just wrecked your network – now what? Ivanti RCE attacks 'ongoing,' exploitation hits clouds Ex-NSA listened to Scattered Spider's calls: 'They're good' Snowflake CISO talks lessons learned from breaches, improv Why CVSS is failing us and what we can do about it Infosec pros still aren't nailing the basics of AI security Ransomware crims targeting systems between IT and operations Why aggregating asset inventory leads to better security NCSC and industry at odds over how to tackle shoddy software Powerschool extortionists may not have deleted stolen data CrowdStrike trims workforce by 5 percent, aims to rely on AI NSO Group must pay Meta $168M in WhatsApp spy case Ghost in the shell script: Boffins seek code correctness How Intruder finds what others miss in cloud security Linux malware can avoid syscall-based endpoint protection Infosec pro blabs about alleged malware mishap on LinkedIn The future of AI in cybersecurity in a word – optimistic CVE board 'kept in the dark' on funding, members say Security snafus caused by third parties up from 15% to 30% Blue Shield shared 4.7M people's health info with Google Ads Who needs phishing when your login's already in the wild? US cyber defenses are being dismantled from the inside Bug hunter obtains an SSL cert for Alibaba Cloud in 5 steps
Countries use cyber targeting to plan strikes: Amazon CSO
Jessica Lyons Jessica Lyons · 2025-11-20 · via The Register - Security: CSO

AWS Re:invent

Amazon security boss: Hostile countries use cyber targeting for physical military strikes

And companies are getting caught in the crossfire

INTERVIEW Warfare has become a joint cyber-kinetic endeavor, with nations using cyber operations to scope out targets before launching missiles. And private companies, including shipping, transportation, and electronics manufacturers, are getting caught in the crossfire, according to Amazon.

This represents a "new operational model that's neither traditional cyber attack nor conventional warfare," Amazon Chief Security Officer Steve Schmidt told The Register. "The targeting data collected through cyber means flows directly into kinetic decision making."

It also requires companies to take a different approach to security and risk management.

"Organizations that historically didn't consider themselves targets for nation-state actors - like a shipping company - may now be targeted simply because they have access to valuable intelligence, like surveillance cameras or industrial control systems or location data," Schmidt said.

"Moreover, physical and digital security can no longer be treated as separate domains with separate teams and approaches who don't share with each other," he continued. "Organizations need to consider how their systems might be leveraged, not just for direct exploitation, but as intelligence tools and broader operations."

Digital recon to physical attacks

Case in point: Iran's government-backed cyber threat groups, Imperial Kitten and MuddyWater, used digital reconnaissance to prepare for physical attacks.

In a blog post published Wednesday and shared ahead of publication with The Register, Amazon Chief Information Security Officer CJ Moses details two examples of how cyber operations preceded military strikes. Amazon Threat Intelligence spotted both of these campaigns using a combination of intel from its MadPot honeypot systems, customer data (provided on an opt-in basis), and threat-sharing between government agencies and industry partners.

Imperial Kitten (aka UNC1549, Smoke Sandstorm, and APT35), which operates on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC), compromised a maritime vessel's Automatic Identification System (AIS) platform in December 2021, giving it access to critical shipping infrastructure. 

Amazon says it worked with the affected organization to remediate the threat.

Then, in August 2022, Imperial Kitten expanded its targeting to additional ships, and in one instance, broke into CCTV cameras aboard the vessel, providing real-time visual intelligence.

In January 2024, the IRGC's cyber arm began conducting targeted searches for AIS location data for a specific shipping vessel, and on February 1, 2024, US Central Command reported a missile strike by Houthi forces against that ship. "While the missile strike was ultimately ineffective, the correlation between the cyber reconnaissance and kinetic strike is unmistakable," Moses wrote.

In a more recent example: Amazon tracked MuddyWater (aka Seedworm, APT34, OilRig, and TA450),  which is linked to Iran's Ministry of Intelligence and Security (MOIS), provisioning a server for a cyber campaign on May 13. On June 17, they used this infrastructure to access another compromised server containing live CCTV streams from Jerusalem, allowing the crew to surveil the city for potential targets.

And on June 23, "Iran launches widespread missile attacks against Jerusalem. On the same day, Israeli authorities report that Iranian forces were exploiting compromised security cameras to gather real-time intelligence and adjust missile targeting."

It's not just Iran combining cyber and physical warfare. There have also been reports of Russia hacking into surveillance cameras to coordinate its attack on Kyiv. "We know that Iran and Russia both have a very tight intelligence-sharing relationship," Schmidt told The Register.

Then, there's China. "We certainly have seen the Chinese continue down the path that they've been on, which is both pre-positioning for access, but also intentionally combining intelligence gathering and physical world attacks," he added. "A public example of that was when they compromised the water and electrical systems on Guam."

Network defenders working to combat these types of cyber-enabled kinetic attacks must expand their threat models and improve intelligence sharing, according to Amazon.

"The first thing organizations need to do is make an intentional decision to look at the two domains together, to understand how their physical world and their logical world are connected," Schmidt said. "For example: How are the lights controlled in my corporate headquarters? If the building is at all modern, they're probably controlled via some internet connected system. How is that system protected? Who's watching it? Who's responsible?"

The next step, he said, is to understand the supply chain components of each part of the business: "Where are they physically located? How are they shipped in and out of that location? Where are those shipping documents stored? Who has access to the physical containers along the way? Start down the process of just unraveling all the very complex inter-relations that we have between the physical world and the logical world."

Unfortunately, there's no easy button for this. It's time consuming, tedious work. But, according to Schmidt, it's a critical risk-management practice. 

"The physical world and the logical world are interrelated," he said. "If organizations don't view the threat holistically across both of those domains, they will be missing opportunities." ®