Saturday, Jun 21, 2025 // (IG): BB // GITHUB // SN R&D
Iran’s “No War, No Peace” Doctrine Collapses Under Israeli Cyber-Military Offensive
Bottom Line Up Front (BLUF): Iran’s decades-old deterrence strategy of limited escalation and proxy warfare has unraveled amid a full-scale Israeli assault targeting its military, nuclear, and cyber infrastructure. Experts argue that Tehran misjudged Israel’s willingness to strike preemptively following the October 2023 Hamas attack, leading to severe strategic and cyber failures.
Analyst Comments: The implosion of Iran’s asymmetric warfare doctrine marks a critical inflection point in Middle Eastern security dynamics. Once reliant on proxy groups and cyber capabilities to avoid direct confrontation, Iran now faces military and digital attacks on its core infrastructure. Israel’s control of the electromagnetic and cyber domains, in tandem with kinetic superiority, underscores a new model of hybrid warfare. With its missile and drone systems degraded and cyber defenses compromised, Iran may be forced into diplomatic concessions under duress—potentially resetting regional deterrence equations.
FROM THE MEDIA: Iran’s strategy of balancing between aggression and restraint—dubbed “no war, no peace”—has collapsed under the weight of Israel’s sustained military campaign. Following the October 7, 2023 Hamas attack, Israel radically recalibrated its risk tolerance, launching surprise strikes that decimated Iranian air defenses and command infrastructure. These include cyber-enabled precision attacks and sabotage operations widely attributed to Mossad. Analysts say Iran's failure to anticipate Israel’s strategic pivot led to a devastating intelligence and air superiority gap. The cyber dimension of the conflict has played a critical role, with Iran’s command-and-control systems disrupted, and its digital arsenal outmaneuvered. Proxy groups like Hezbollah and the Houthis have offered limited retaliation, signaling a weakening of Iran’s regional influence network. Experts suggest the Islamic Republic may soon be forced into nuclear negotiations from a position of unprecedented weakness.
READ THE STORY: FT
Cyberattack Cripples Russia’s Mercury System, Disrupts National Dairy Supply Chain
NOTE:
Unlike grains or preserved foods that can be stored for extended periods, dairy products like milk, cheese, and yogurt have extremely short shelf lives and require continuous, rapid processing and distribution to prevent spoilage—meaning even brief delays in veterinary certification can result in massive product losses and immediate shortages on store shelves. Russia's dairy industry was already struggling with sanctions-related equipment shortages, reduced access to imported feed supplements, and disrupted export markets due to the Ukraine war, so this digital disruption hits a sector that lacks the resilience to absorb additional shocks. Dairy is also a dietary staple that directly affects household food security, particularly for children and vulnerable populations, making shortages highly visible to the public and potentially sparking social unrest or undermining confidence in government competency during a challenging wartime period.
Bottom Line Up Front (BLUF): A cyberattack-driven outage of Russia’s Mercury certification platform has disrupted dairy supply chains nationwide, forcing a reversion to paper documentation and triggering widespread logistical issues. Critical for verifying animal-based product safety, the platform has suffered its third and most severe outage this year.
Analyst Comments: While no group has claimed responsibility, Mercury’s repeated targeting suggests persistent threat actor interest in food-sector vulnerabilities—possibly for geopolitical, economic, or retaliatory purposes. If outages continue or expand to other sectors, Russia may face broader supply disruptions and further erosion of trust in centralized digital platforms like VetIS. The incident also illustrates the systemic risk of single-point digital failures in regulatory environments.
FROM THE MEDIA: Russian dairy operations were severely disrupted after a cyberattack forced the shutdown of Mercury, a platform under the Federal State Information System for Veterinary Surveillance (VetIS). The incident occurred earlier this week and represents the third compromise of the system this year. With electronic certification temporarily unavailable, producers were compelled to use paper-based documents, which many modern retailers—such as Lenta and Yandex Lavka—refused to accept. The dairy association Soyuzmoloko stated that the disruption affected large-volume producers the most, with emergency protocols proving inadequate for sustained outages. The attack also interfered with data exchanges between Mercury and Russia's product labeling platform. While the attack remains unattributed, it follows a December ransomware incident at a major Siberian dairy processor, hinting at a continued threat to Russia's agricultural tech infrastructure.
READ THE STORY: GBhackers
Researchers Uncover 67 Trojanized GitHub Repositories Spreading Malware via Popular Projects
Bottom Line Up Front (BLUF): Cybersecurity researchers discovered a campaign called "Banana Squad" that published over 67 trojanized GitHub repositories claiming to offer Python-based hacking tools but delivering malicious payloads instead. The campaign specifically targets users searching for account cleaning tools and game cheats like Discord account cleaner, Fortnite External Cheat, TikTok username checker, and PayPal bulk account checker.
Analyst Comments: GitHub is increasingly becoming a malware distribution vector, with multiple campaigns exploiting the platform's trusted reputation. Recent examples include the Water Curse threat actor operating 76 malicious repositories to deliver multi-stage malware designed to steal credentials, browser data, and session tokens.
FROM THE MEDIA: Checkmarx uncovered 67 GitHub repositories designed to impersonate well-known projects, distributing trojanized Python and JavaScript packages. The repositories included fake versions of popular tools like ChatGPT and Free-Code-Camp, embedded with malware capable of stealing browser credentials, Discord tokens, and cryptocurrency wallet data. The campaign, believed to be run by an attacker using the alias “FakeCoder,” started in early 2024 and shows signs of automated deployment and content manipulation. Most of the repositories were quickly removed after being reported, but not before many users had already forked or downloaded the code. Checkmarx warned that threat actors are increasingly targeting platforms like GitHub to weaponize the software development
READ THE STORY: THN
African Nations Advance Non-Dollar Payment Systems Amid U.S. Sanctions Concerns
NOTE:
Africa's shift to local currency payment systems threatens core U.S. economic advantages by potentially undermining dollar dominance, which currently allows America to borrow at lower rates, gives U.S. banks lucrative transaction fees from international trade, and provides the Federal Reserve with global monetary influence. More strategically, this movement - part of a broader trend including China and Russia developing dollar alternatives - could weaken the effectiveness of U.S. economic sanctions and reduce American leverage in global diplomacy, since countries with viable payment alternatives become less dependent on U.S.-controlled financial infrastructure. While Africa's motivations are primarily economic (reducing expensive cross-border payment costs), the cumulative effect of multiple regions building non-dollar systems could gradually erode the privileged position that has anchored American economic power since World War II, forcing the U.S. to compete on more equal terms in a multipolar financial landscape.
Bottom Line Up Front (BLUF): Many African countries are developing or adopting non-dollar payment systems to reduce dependence on the U.S. dollar, especially as geopolitical tensions and sanctions risks rise. The trend has gained urgency following former U.S. President Donald Trump's warnings about possible financial penalties tied to geopolitical alignments.
Analyst Comments: This is part of the global de-dollarization trend, with Africa becoming a testing ground for alternative payment networks like those backed by BRICS or China. The move reflects rising fears over the weaponization of the dollar and aligns with broader efforts to increase economic sovereignty. While implementation faces infrastructure and coordination challenges, successful adoption could reshape regional trade and limit U.S. financial influence. The trend also creates a cybersecurity imperative, as new systems must withstand both internal fraud and external cyber threats.
FROM THE MEDIA: African countries, including Nigeria, South Africa, and Kenya, are exploring payment systems that bypass the U.S. dollar, using local currencies or platforms tied to the BRICS bloc. The urgency increased after Donald Trump, speaking at a rally in early June, warned that countries supporting adversaries of the U.S. might face financial retaliation if he returns to power. Leaders in the African Union and the African Export-Import Bank are coordinating to expand the Pan-African Payment and Settlement System (PAPSS), a cross-border platform launched in 2022. Meanwhile, China is promoting its Cross-Border Interbank Payment System (CIPS) as an alternative to SWIFT. African policymakers argue that reliance on the dollar exposes their economies to geopolitical shocks and external control. Reuters notes that the shift is gathering institutional momentum while full transition remains distant.
READ THE STORY: Reuters
EU Fortifies Ports and Cyber Infrastructure Amid Fears of Russian Aggression
NOTE:
Europe is dramatically overhauling its military infrastructure in response to Russian threats, boosting NATO spending targets from 2% to 5% of GDP with €75 billion earmarked for upgrading ports, railways, and transport networks that could serve as crucial chokepoints for moving U.S. troops and equipment to Eastern Europe in any conflict. The EU and NATO have identified 500 critical infrastructure "hot spots" needing upgrades, with key ports in Poland, Latvia, and Lithuania already receiving military cargo-handling improvements, while also prioritizing cybersecurity and protection of undersea cables from suspected Russian sabotage. However, shipping executives worry that militarizing commercial ports could hurt their competitiveness and deter private investment, as facilities become potential Russian targets, creating tension between Europe's urgent security needs and economic interests as the continent prepares for its most significant military infrastructure investment in half a century.
Bottom Line Up Front (BLUF): The European Union is significantly expanding its investment in ports and transport infrastructure to bolster NATO’s military mobility and resilience against potential conflict with Russia. As part of this effort, cybersecurity is a growing focus, with EU ports increasingly seen as critical targets for sabotage and digital attacks.
Analyst Comments: Europe’s defense recalibration signals a broader shift toward treating civilian infrastructure as dual-use assets in future conflicts. While boosting port capacity and digital defenses can increase NATO's operational readiness, these moves expose commercial sectors to new geopolitical risks and cyber threats. Balancing national security and economic competitiveness will be challenging, especially as investors worry about becoming targets. Including cyber resilience within NATO-aligned infrastructure marks a critical and overdue evolution in defense strategy.
FROM THE MEDIA: The EU plans to allocate up to €75 billion (~$86 billion) in its upcoming five-year budget to upgrade transportation networks, including ports, for military use. Ports in Poland, Latvia, and Lithuania are already receiving enhancements, such as expanded quays and deep-water berths. These upgrades support NATO's strategy to rapidly deploy troops and equipment in the event of a Russian confrontation. Shipping executives have raised concerns about the impact on competitiveness, as infrastructure prioritizes military readiness. Cybersecurity is also a top concern: agencies like the European Maritime Safety Agency and Norway’s Nordic Maritime Cyber Resilience Center are identifying digital vulnerabilities in port systems, citing Russian hackers as a growing threat. The EU and NATO have mapped over 500 critical logistics points requiring upgrades and are planning new regional security hubs, including in the Black Sea.
READ THE STORY: WSJ
Hybrid Warfare Intensifies as Cyberattacks and Disinformation Surge in Israel-Iran Conflict
Bottom Line Up Front (BLUF): Radware reports a sharp escalation in cyberattacks and coordinated disinformation campaigns as part of a broader hybrid warfare strategy amid the 2025 Israel-Iran conflict. The cybersecurity firm notes that both state-aligned and independent threat actors are leveraging cyber tools to destabilize infrastructure and manipulate public sentiment.
Analyst Comments: Iran is leaning heavily on cyber warfare to counter its diminished conventional military capacity. The targeting of ICS and OT environments shows a strategic intent to degrade critical infrastructure, a hallmark of modern cyber-physical conflict. With major APTs like APT34 and APT39 reengaging, Israel faces not just service disruption but risks to civilian safety and economic stability. The fusion of cyber operations with AI-driven disinformation campaigns signals a sophisticated, multipronged threat landscape demanding both technical defenses and information resilience.
FROM THE MEDIA: Iranian state-backed actors and hacktivist affiliates have escalated cyberattacks in retaliation for Israel’s Operation Rising Lion. The operation, which reportedly eliminated 20 high-ranking Iranian commanders and crippled missile infrastructure, has driven Iran to intensify cyber retaliation. APT groups like APT34 (OilRig) and APT39 (Remix Kitten) are conducting DDoS attacks, phishing campaigns, and ransomware strikes, and deploying wiper malware. Targets include Israeli defense systems, hospitals, and public infrastructure. Radware also warns of coordinated influence operations using AI botnets and fabricated social media personas. Hacktivist groups claimed attacks on Israeli warning systems, radio stations, and even Mossad’s website. The advisory urges Israeli organizations to improve cyber hygiene, incident response preparedness, and counter-disinformation protocols.
READ THE STORY: Industrial Cyber
Scattered Spider Implicated in Cyberattacks on U.S. Telecom Giants, FBI Confirms
Bottom Line Up Front (BLUF): The FBI has officially linked the threat group Scattered Spider to a wave of cyberattacks targeting major U.S. telecommunications firms in 2025. The attackers used sophisticated social engineering and SIM-swapping tactics to breach internal systems and extract sensitive customer data.
Analyst Comments: Scattered Spider continues to evolve its capabilities, combining highly effective human-centric intrusion methods with deep knowledge of telecom infrastructure. Their persistent targeting of high-value sectors like telecommunications reveals a shift toward more strategic, espionage-adjacent operations. This campaign underscores the growing threat posed by hybrid threat actors who blend cybercrime and nation-state-level tactics, exploiting gaps in multi-factor authentication and employee identity controls. Telecom firms should expect sustained probing unless systemic identity verification and internal segmentation controls are enhanced.
FROM THE MEDIA: UNC3944 has been confirmed by the FBI as the group behind a series of recent intrusions affecting multiple U.S. telecom providers. Using social engineering to impersonate IT staff, attackers performed SIM-swapping and multi-factor authentication reset attacks, allowing them to access sensitive systems, customer records, and internal tools. The attacks began in late May and persisted into June, targeting help desk employees and exploiting weak identity verification procedures. In some cases, attackers accessed telecom networks’ internal management platforms, raising concerns about broader national infrastructure risks. The FBI noted that Scattered Spider is known for its agility and ability to weaponize leaked credentials and open-source tools.
READ THE STORY: Industrial Cyber
Finland Considers Charging Eagle’s Ship Officers Over Baltic Subsea Cable Sabotage
Bottom Line Up Front (BLUF): Finnish authorities are weighing criminal charges against officers of the Chinese-owned vessel NewNew Polar Bear for allegedly damaging undersea telecom and energy cables in the Baltic Sea. Investigators link the ship to Finnish and Estonian infrastructure breaks in October 2023.
Analyst Comments: While attribution to state actors remains politically delicate, Finland’s move to criminally prosecute individual officers signals a firmer Western stance on hybrid maritime threats. As undersea cables become increasingly central to national security and data resilience, states will likely develop stronger regulatory and enforcement frameworks, including cyber and kinetic response doctrines.
FROM THE MEDIA: Finnish prosecutors are preparing to bring charges against crew members of the NewNew Polar Bear, a Chinese vessel suspected of damaging two critical undersea cables between Finland and Estonia in October 2023. The Finnish Border Guard concluded that the damage was likely intentional and linked to the ship's anchor. Authorities suspect sabotage, though they have not formally accused the Chinese state. The cable breaks disrupted telecommunications and power distribution between the two countries. Finland’s National Bureau of Investigation has submitted findings to prosecutors, and Estonia is cooperating on a parallel investigation. The incident has elevated concerns over the vulnerability of subsea infrastructure, especially as tensions with Russia and China intensify across the Nordic-Baltic region.
READ THE STORY: The Record
Items of interest
Iran Shuts Down Internet Amid Israeli Cyberattacks and Missile Strikes
Bottom Line Up Front (BLUF): Iran has imposed a near-total internet blackout following a series of cyberattacks and missile strikes from Israel, severely limiting civilian access to information and communication. Officials claim the shutdown is necessary to prevent further digital infiltration and protect critical infrastructure during the escalating military conflict.
Analyst Comments: Iran's decision to sever internet access reflects a defensive posture and a broader trend of authoritarian digital control in crisis. However, this approach risks isolating citizens and undermining trust in state communications, leaving emergency services and financial systems vulnerable to sustained disruption. The growing sophistication of Israeli cyber operations also signals a dangerous escalation in cyber hostilities in the Middle East.
FROM THE MEDIA: The shutdown, which has been ongoing for over two days, follows hacks on state TV, major banks (Sepah and Pasargad), and the cryptocurrency exchange Nobitex. Iran’s communications ministry claimed the restrictions were temporary and meant to prevent Israeli forces from exploiting local communications for targeting. Nevertheless, domestic media, online banking, and even some government services have become inaccessible, disrupting daily life. NetBlocks confirmed the widespread blackout, and Iranian authorities urged the public to use domestic messaging apps like Rubika and Soroush. While landlines and traditional broadcast channels remain operational, diasporic Iranians have struggled to contact family amid the escalating conflict.
READ THE STORY: FT
Iran Shuts down Internet Service (Video)
FROM THE MEDIA: The Islamic regime in Tehran has shut down the internet and cell phone lines throughout the country. What are they trying to silence?
Elon Musk Activates Starlink for Iran Amid War With Israel | Internet Blackout Sparks Global Stir (Video)
FROM THE MEDIA: In a dramatic twist in the ongoing Iran-Israel war, Elon Musk has announced the activation of Starlink internet services in Iran. This comes after reports that the Iranian government is deliberately blocking internet access across the country, raising fears of suppressing internal dissent during wartime. Musk's intervention aims to bypass censorship and provide Iranian citizens with unrestricted access to information. As tensions soar, this move could change the dynamics on the ground and online.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.