posted by janrinok on Tuesday July 01, @10:53PM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

"In the cyber world, there's no such thing as a ceasefire," he told The Register.


Bolukbas is chief technology officer and founder of Black Kite, a cyber-risk intelligence firm that assesses businesses' third-party supplier risks. His company also shares and receives threat intel with and from the US National Security Agency (NSA), as do other private security firms.

Prior to founding Black Kite in 2016, Bolukbas worked for NATO as a part of its counter cyberterrorism task force, helping member and partner countries harden their network defenses by simulating offensive cyber attacks against government agencies.

His final mission with NATO involved red-teaming a critical power grid in Kiev, Ukraine. Most of the facilities' systems were air-gapped, isolated from external networks, which made them harder to break into directly.

"It wasn't easy to target, so I said, 'OK, let me find the suppliers for this organization'," Bolukbas recalled. "I found 20 of them, picked one that would be the easiest to find and target, and used that to access the grid control panel, literally one command away from taking down the grid."

Shortly after, in 2015, Russia's Sandworm shut off part of Ukraine's electricity grid, cutting power to tens of thousands of Ukrainian residents for several hours.

Ten years later, Bolukbas says he's worried about one of Iran's cyber-arms doing something similar to Israeli or American critical infrastructure in retaliation for the air strikes earlier this month.

"My belief is that they're going to go after the supply chain, because that's our weak spot," Bolukbas said, adding that while it's really difficult to breach the Pentagon's networks directly, Iran is "going to go after the supply chains of Israel and US Department of Defense suppliers."

He pointed to Russia compromising Western logistics firms and tech companies, including email providers, as a means of collecting valuable intel about Ukrainian targets and military strategy in that ongoing conflict. Russian cyberspies also breached internet-connected cameras at Ukrainian border crossings to track aid shipments, and targeted at least one provider of industrial control system (ICS) components for railway management, according to a joint government advisory issued last month.

Similarly, smart TVs and other home IoT devices can be easily compromised and used to build a botnet for distributed denial-of-service attacks, or a large network of connected boxes used to route traffic and launch cyberattacks against high-value targets.

"It's very unlikely that they can launch a sophisticated attack against the NSA, Pentagon, or those kinds of bigger organizations," Bolukbas said. "Those are outside of Iran's reach unless Russia or China backs them," which he believes is also highly unlikely. 

Giving Iranian cyber operatives access to some critical American network after Russia and China did the dirty work of breaking in, or blowing a zero-day exploit to aid Iran, isn't in either of these countries' best interests, Bolukbas explained. It's more likely that Moscow and Beijing would want to save this stealthy access and/or cyber weapons, and use them at a time that will benefit their geopolitical or military goals.  

"Iran is alone in this game, but they can go after the low-hanging fruit," Bolukbas said.

While "we haven't seen any ceasefire happening" in terms of Iranian cyber campaigns, especially when it comes to phishing for high-value individuals' credentials and sensitive military info, "we also do this," Bolukbas said, referring to the United States. 

Case in point: Stuxnet, a malware deployed against Iran's nuclear fuel centrifuges, was a joint American-Israeli op. "And that, of course, was during a ceasefire. We were not in a war with Iran," Bolukbas said.

"The US has the biggest cyber army, strategic or talent-wise," he added. "The NSA is known for having the biggest zero-day arsenal on the planet. We have a doctrine on something called defense forward that says if we see something in cyberspace that can disrupt us, we're going to attack it first, and we have that under US Cyber Command's mission."


And while Bolukbas doesn't expect to see the US unleash any major cyber weapons against Iran at this point in the conflict, he suspects cyber espionage, influence operations, hack-and-leaks, and poking holes in Iran's military and cyber infrastructure are all regular occurrences. 

The US didn't enter the Iran-Israel war with bombs, he contended. "That was started in cyberspace a long time ago."

Bolukbas also has advice for network defenders to protect against Iranian cyber threats. "Be careful with phishing attacks," he said. "That's very common because Iran doesn't have a lot of zero days, so they go heavy on social attacks. Be careful what you're clicking on."

Second: don't believe everything you read or see, according to Bolukbas. Iran, along with Russia and China, is getting very good at using generative AI to produce fake news and social media posts designed to manipulate public opinion.

"Last but not least: patch your systems, including IoT for end users and residential people," Bolukbas said. "Patch your external-facing systems quickly, not a week or 10 days or a month later, because time is ticking from the day that the vulnerability is disclosed. Iranian groups are trying to develop an exploit. If they develop the exploit before the patch, they're not going to hesitate to use that."


  • (Score: 2) by JoeMerchant on Tuesday July 01, @11:18PM (2 children)

    by JoeMerchant (3937) on Tuesday July 01, @11:18PM (#1409066)
    • (Score: 3, Funny) by aafcac on Wednesday July 02, @06:10AM (1 child)

      by aafcac (17646) on Wednesday July 02, @06:10AM (#1409082)

      I'm wondering a bit about them borrowing or hiring Russian, Chinese or North Korean talent to speed things up.

      • (Score: 2) by JoeMerchant on Wednesday July 02, @12:51PM

        by JoeMerchant (3937) on Wednesday July 02, @12:51PM (#1409105)

        >borrowing or hiring Russian, Chinese or North Korean talent

        Modern alliances. Probably arranged and maintained on one of many "dark webs" for plausible deniability. Running local instances of language translation software for operational security - they natively speak Farsi, Russian, Mandarin, etc. but communicate in Spanglish to throw off any successful eavesdroppers.

        --
        🌻🌻🌻 [google.com]
  • (Score: 0) by Anonymous Coward on Wednesday July 02, @05:47AM

    by Anonymous Coward on Wednesday July 02, @05:47AM (#1409081)

    In cyber there's no ceasefire, only A/S/L.

    I just can't take military IT people seriously.

  • (Score: 3, Interesting) by Thexalon on Wednesday July 02, @12:59PM (3 children)

    by Thexalon (636) on Wednesday July 02, @12:59PM (#1409106)

    > If we see something in cyberspace that can disrupt us, we're going to attack it first

    The thing I find interesting about that is that "best defense is a good offense" strategy, which seems to have carried over from the meatspace military. I'd think there would be a lot more value in creating systems that are properly secured from attack so that the bad guys can try things but they don't disrupt anything. Including techniques like air-gapping stuff that's really important, which isn't a guarantee but at least makes it much harder.

    But no, we can't do that, because testing for vulnerabilities is harder than exploiting them, I guess. Oh, and one of the things currently seen as on the chopping block is all US federal government vulnerability tracking programs, because CVEs and similar systems are apparently bad or useless.

    --
    "Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
    • (Score: 3, Interesting) by JoeMerchant on Wednesday July 02, @03:14PM (2 children)

      by JoeMerchant (3937) on Wednesday July 02, @03:14PM (#1409122)

      > I'd think there would be a lot more value in creating systems that are properly secured from attack

      Value to us, but when "the enemy" is copying our systems, there's far more value in those systems having vulnerabilities in them that we know about, and they don't. At least that's the mentality.

      Cybersecurity is easy: a brick is 100% safe from cyber-attack. A brick with a network port... pretty much secure. Activate that network port and let it control functions inside the box (no longer a brick)? Yeah, now we're getting into interesting territory. From there, the core issue becomes: key management. If the network port requires a 8192 bit per transaction one-time-pad key for all transactions, nobody's exploiting that without a $5 wrench.

      But... we're all humans, so we access important stuff from our insecure personal cell phones, because we're idiots. The real problem will come when we have adversaries who aren't idiot humans.

      --
      🌻🌻🌻 [google.com]
      • (Score: 2) by Thexalon on Wednesday July 02, @04:30PM (1 child)

        by Thexalon (636) on Wednesday July 02, @04:30PM (#1409129)

        > Value to us, but when "the enemy" is copying our systems, there's far more value in those systems having vulnerabilities in them that we know about, and they don't. At least that's the mentality.

        And of course the main flaw in that is that the Chinese or Iranians or Russians probably know about those vulnerabilities too, and the US doesn't know that they know.

        Something else I can't help but think about in this space: Because of how many of our critical systems rely on privately-owned and often commercially-sold proprietary systems, there's not a really organized system where the NSA or whoever can say "apply this patch, right now" and have a good probability of getting it in place in time, and if the NSA does pass along a patch or even a reported vulnerability to the vendor then odds are pretty good that the fix will be distributed to everybody. Whereas if there was a publicly owned and controlled, say, system for running the power grid or network backbone or banking system, they could potentially distribute stuff much more quickly and thus defend more effectively. Of course, the slavish devotees of the Almighty Dollar won't allow that sort of thing to happen, but a man can dream ...

        And yeah, the idea that everyone should be able to do everything from everywhere is a really huge problem.

        --
        "Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin
        • (Score: 2) by JoeMerchant on Wednesday July 02, @05:47PM

          by JoeMerchant (3937) on Wednesday July 02, @05:47PM (#1409133)

          >And of course the main flaw in that is that the Chinese or Iranians or Russians probably know about those vulnerabilities too, and the US doesn't know that they know.

          There's the very famous story of the Russian gas pipeline that went boom when the US sourced component activated its CIA payload, and of course the Iranian centrifuges are legend... What's true, and what's not publicized is impossible to know, from my perspective at least.

          > the idea that everyone should be able to do everything from everywhere is a really huge problem.

          I'd say that's the hugest problem of all...

          Meanwhile, I sit next to a stack of 16 (Chinese designed, manufactured, and cloud operated) WiFi connected gizmos that used to control innocuous stuff in my house, like lights. They accumulated over a dozen years and finally I got paranoid enough to rip off the band-aid and replace them all with a Zigbee system a couple of months ago. So, now I have 45 Zigbee devices talking through a gateway that gets regular firmware updates from its maker: "Shenzhen Baishi Video Technology Co., Ltd. Building 4, CangqianJinfuyuan, Nanxin Road, Nanshan District, Shenzhen, China" but, at least when I pull the internet plug the whole system continues to function. 90% of those devices were purchased directly from China through AliExpress (both before and after the TACO tariff), but somehow I feel more secure... at least they're not "phoning home" on a regular basis, at least I don't _think_ they are... While they still control the lights, they also are getting their tendrils into meatier stuff like my HVAC system... still no door control or life-safety related functions, yet, though some of those cheap AliExpress products are tempting... Oh, and while my old system was just voice controlled from Google's wiretaps, the new one is using home assistant software which I have exposed through a firewall port so I (and anyone with my access codes) can see and control the system from anywhere... yeah, so much more secure now, but fun - except for that CO2 buildup data, that's a nagging thing.

          --
          🌻🌻🌻 [google.com]