Welcome, listeners. Thank you again for joining us in the SafeBreach studios for the Cyber Resilience Brief, a SafeBreach podcast. I’m Tova Devoren, and I’m joined as always by Adrian Cully, offensive engineer here at SafeBreach. Today, we’re diving into a moment in time that changed the definition of hybrid warfare. We’re going back to June the thirteenth twenty twenty five, not that long ago in actual days, weeks, and months, but a million years ago in the world of the Shadow War.
I was about to say, it’s so short ago, but so long ago. This was Operation Rising Lion. On the ground, it was a major air offensive by Israel against Iranian strategic sites. But in the digital world, it was the start of what analysts now call the twelve days of cyber war.
While the missiles were flying, Tova, the keyboards were already smoking. Evidence from the period shows very clearly the gap between a physical strike and a digital counterstrike has effectively vanished. It’s now measured in minutes, if not seconds, and certainly not days and weeks.
And one of the most striking things about the twenty twenty five escalation was the sheer number of hacktivist groups that suddenly appeared.
Right, Tova. And groups like Cyber Avengers, that’s with a three in the first e in Avengers, and the Handala hack team. On paper, they claim to be independent patriots. Investigation very quickly shows a very different story. These are highly coordinated front groups of the Islamic Revolutionary Guard Corps.
Let’s talk about the Handala operation. They didn’t just go after data. They went after the Israeli psyche.
Exactly. Social engineering on June the third twenty twenty five. Just ten days after the initial strikes, Handala claimed to have the exact coordinates of every civilian shelter in Israel. They sent mass SMS alerts spoofed to look like they came from the Home Front Command.
Yeah. I actually remember that very well.
People were getting messages saying that fuel was running out or that specific shelters were unsafe. And let me tell you, I’ve been in those specific shelters. We knew what was unfaithful. We didn’t know anything. But it was just pure psychological warfare.
Exactly, Tova. It’s digital fog of war. A contemporary example of what Clausewitz back in the nineteenth century wrote of so long ago. While the government was trying to manage a kinetic conflict, they were forced to fight a parallel war against mass panic or attempted mass panic caused by a few lines of code and a database of phone numbers.
But it wasn’t just SMS alerts. There was a much more dangerous trend that was the targeting of operational technology or OT.
This is where it gets truly scary. Cyber Avengers began targeting Unitronics PLCs, the programmable logic controllers. Those are the little computers that control things like water pressure, chemical levels, and valves in treatment plants.
Right. And they weren’t just targeting Israel.
No, it becomes really interesting that those PLCs are made in Israel. The group declared because of this that any facility globally, doesn’t matter where, was a legal target. We saw water authorities in Pennsylvania, USA, and several other US states get hit. It’s a nation state level supply chain hacking attack and hacktivism.
Yeah. The attackers left a message on their screens, "down with Israel, every equipment made in Israel is our target", which of course makes you wonder how they’re hacking us to begin with because they’re using Israeli made computers. But that’s another story.
It is for another day. Luckily, this instance, back in June twenty five, the impact was limited to the screens and some remote sensors. But experience highlighted the terrifying potential. If they had moved deeper into the logic of those PLCs, they could have physically damaged the pumps and/or compromised water safety.
They proved that a regional conflict in the Middle East can have immediate physical consequences for a small town in America or anywhere else in the world.
And we’ll be right back.
Adrian, this is where our SafeBreach mission feels the most urgent. How do you simulate a threat against a water plant or a power grid without actually breaking it?
That is the million dollar question. Fortunately, we have an answer. Traditional penetration testing, legacy penetration testing is too risky for OT environments. You can’t risk crashing a controller that keeps a turbine coolant for good reason. Most OT engineers wouldn’t dream of letting a legacy penetration tester anywhere near their production environment.
So how does SafeBreach handle it in practice?
So it’s right there in our name hiding in plain sight, Tova. SafeBreach. We focus on the IT to OT bridge initially. Most attackers don’t start at the PLC. They start in the business office in the IT side. They steal a password from reception’s computer, use it to hop over the air gap into the control network.
And what we’re doing is essentially simulating the hops.
Exactly. We use SafeBreach Validate to continuously test the firewalls and the DMZs between your corporate office and your factory floor. Ninety percent of these OT breaches happen because of a misconfigured jump server or a default full password like one one one one.
Yeah. And so essentially, what we’re doing is validating that simple mistakes aren’t there, making it more complicated.
Exactly, we start with basic cyber hygiene, and we use adversarial exposure validation to prioritise the findings. If we find a path in your PLC network, AEV tells you this path is exactly what Cyber Avengers used in the June twenty twenty five attacks. It makes the threat real for the board and for the engineering teams.
Again, actually emulating the threat that is relevant to you.
Exactly.
And we can’t talk about the June war without mentioning the retaliation for the retaliation.
So I assume, Tova, you’re talking about Predatory Sparrow or, to mangle it in my bad Farsi, Gonjeshke Darande.
Yeah. Absolutely. It’s possibly an Israeli linked group, although that’s not confirmed. On June seventeenth, they hit back pretty hard.
They did. They took down Bank Sepah, which is the IRGC’s primary bank. This is really hitting them where it hurts. They claim to have destroyed the data and burned ninety million dollars in cryptocurrency. This is the new reality, a digital eye for an eye. You’ve got the accords of Abraham being delivered digitally. If you hit our water, we hit your money.
Yeah. It’s an escalation ladder that essentially has no end.
June... Right. Right. June twenty twenty five was a warning shot for the entire world. Cyberspace is no longer a secondary theater. It’s where the first strike and the final strike now happens.
And in our sixth episode, we’re going to look at what’s coming for twenty twenty six. We’re now in twenty twenty six. The Iranian threat is already very active and continuing to evolve.
That’s right. We’re talking about supply chain attacks and the rise of agentic AI. Look forward to welcoming you all back to the SafeBreach studios for the series finale. And until then, stay safe.
Stay safe with SafeBreach.
The Cyber Resilience Brief is a SafeBreach podcast. Executive produced by Adrian Cully and Tova Devoren. Music produced by Sar Jussner. Hosted, edited, and compiled on Riverside. For more about SafeBreach and how you can validate your security controls across your entire IT infrastructure, visit us at w w w dot safebreach dot com. That’s w w w dot s a f e b r e a c h dot com.