Countries use cyber targeting to plan strikes: Amazon CSO
Jessica Lyons · 2025-11-20 · via The Register - Special Features: AWS Re:invent


Amazon security boss: Hostile countries use cyber targeting for physical military strikes

And companies are getting caught in the crossfire

INTERVIEW Warfare has become a joint cyber-kinetic endeavor, with nations using cyber operations to scope out targets before launching missiles. And private companies, including shipping, transportation, and electronics manufacturers, are getting caught in the crossfire, according to Amazon.

This represents a "new operational model that's neither traditional cyber attack nor conventional warfare," Amazon Chief Security Officer Steve Schmidt told The Register. "The targeting data collected through cyber means flows directly into kinetic decision making."

It also requires companies to take a different approach to security and risk management.

"Organizations that historically didn't consider themselves targets for nation-state actors - like a shipping company - may now be targeted simply because they have access to valuable intelligence, like surveillance cameras or industrial control systems or location data," Schmidt said.

"Moreover, physical and digital security can no longer be treated as separate domains with separate teams and approaches who don't share with each other," he continued. "Organizations need to consider how their systems might be leveraged, not just for direct exploitation, but as intelligence tools and broader operations."

Digital recon to physical attacks

Case in point: Iran's government-backed cyber threat groups, Imperial Kitten and MuddyWater, used digital reconnaissance to prepare for physical attacks.

In a blog post published Wednesday and shared ahead of publication with The Register, Amazon Chief Information Security Officer CJ Moses details two examples of how cyber operations preceded military strikes. Amazon Threat Intelligence spotted both of these campaigns using a combination of intel from its MadPot honeypot systems, customer data (provided on an opt-in basis), and threat-sharing between government agencies and industry partners.

Imperial Kitten (aka UNC1549, Smoke Sandstorm, and APT35), which operates on behalf of Iran's Islamic Revolutionary Guard Corps (IRGC), compromised a maritime vessel's Automatic Identification System (AIS) platform in December 2021, giving it access to critical shipping infrastructure. 

Amazon says it worked with the affected organization to remediate the threat.

Then, in August 2022, Imperial Kitten expanded its targeting to additional ships, and in one instance, broke into CCTV cameras aboard the vessel, providing real-time visual intelligence.

In January 2024, the IRGC's cyber arm began conducting targeted searches for AIS location data for a specific shipping vessel, and on February 1, 2024, US Central Command reported a missile strike by Houthi forces against that ship. "While the missile strike was ultimately ineffective, the correlation between the cyber reconnaissance and kinetic strike is unmistakable," Moses wrote.

In a more recent example, Amazon tracked MuddyWater (aka Seedworm, APT34, OilRig, and TA450), which is linked to Iran's Ministry of Intelligence and Security (MOIS), provisioning a server for a cyber campaign on May 13. On June 17, they used this infrastructure to access another compromised server containing live CCTV streams from Jerusalem, allowing the crew to surveil the city for potential targets.

And on June 23, "Iran launches widespread missile attacks against Jerusalem. On the same day, Israeli authorities report that Iranian forces were exploiting compromised security cameras to gather real-time intelligence and adjust missile targeting."

It's not just Iran combining cyber and physical warfare. There have also been reports of Russia hacking into surveillance cameras to coordinate its attack on Kyiv. "We know that Iran and Russia both have a very tight intelligence-sharing relationship," Schmidt told The Register.

Then, there's China. "We certainly have seen the Chinese continue down the path that they've been on, which is both pre-positioning for access, but also intentionally combining intelligence gathering and physical world attacks," he added. "A public example of that was when they compromised the water and electrical systems on Guam."

Network defenders working to combat these types of cyber-enabled kinetic attacks must expand their threat models and improve intelligence sharing, according to Amazon.

"The first thing organizations need to do is make an intentional decision to look at the two domains together, to understand how their physical world and their logical world are connected," Schmidt said. "For example: How are the lights controlled in my corporate headquarters? If the building is at all modern, they're probably controlled via some internet connected system. How is that system protected? Who's watching it? Who's responsible?"

The next step, he said, is to understand the supply chain components of each part of the business: "Where are they physically located? How are they shipped in and out of that location? Where are those shipping documents stored? Who has access to the physical containers along the way? Start down the process of just unraveling all the very complex inter-relations that we have between the physical world and the logical world."

Unfortunately, there's no easy button for this. It's time-consuming, tedious work. But, according to Schmidt, it's a critical risk-management practice.

"The physical world and the logical world are interrelated," he said. "If organizations don't view the threat holistically across both of those domains, they will be missing opportunities." ®