Dena Temple Roston
From Recorded Future News and PRX, this is Click Here. The story you're about to hear first aired some time ago. We're bringing it back now because while wars play out on the ground, modern conflicts are also being fought in a quieter place, cyberspace.
Jennifer Lynn Walker
Stryker has fallen victim to a cyberattack, causing a devastating global outage to their operations.
Dena Temple Roston
On March 11, a cyber attack hit medical devices maker Stryker, and instead of locking up systems for ransom, the attackers appear to have tried to wipe them clean. In other words, this wasn't about getting paid, it was about shutting things down. A pro-Iranian hacking group called Handala claimed responsibility, saying the operation was in retaliation for a deadly U.S. strike on an elementary school in Iran. More than 165 people died, and most of them were children. Stryker says it hasn't found ransomware and believes the incident is now contained, but investigators are still trying to understand the full scope of the damage. Cybersecurity officials have long warned that if there was a war, Tehran wouldn't just watch from the sidelines, and incidents like this suggest that warning is no longer hypothetical. The thing is, Iranian hackers don't always go after the obvious targets, and sometimes they show up in places that feel the most mundane. I'm Dena Temple-Raston and this is Click Here, a podcast about all things cyber and intelligence. We tell true stories about the people making and breaking our digital world. And today we return to a story we did about hacktivist groups waging war in a different way by cracking into systems not just to steal or demand a ransom, but to make a political point. Stay with us.
Gil Messick
ChatGPT AI machines.
Dena Temple Roston
Satellite engine ignition. Click here and lift up. Jennifer Lynn Walker has a surprising preoccupation. She gets obsessed with the security of industrial facilities.
Jennifer Lynn Walker
I just kind of obviously fell into it, but so I was a late bloomer in at call in college, graduated,
Dena Temple Roston
she dabbled in computers, information systems management. And then.
Jennifer Lynn Walker
And I just found an affinity for the cybersecurity. So this is, you know, going on, you know, 23, 24 years now.
Dena Temple Roston
So you're like a cybersecurity early adopter?
Jennifer Lynn Walker
Yeah, I was definitely. I've always, I've always been an early adopter in any of the cyber things. Did the malware analysis thing before that was really a thing. Cyber threat intel, before that was a thing.
Dena Temple Roston
In other words, before the field really had a name, she was already doing the work. In fact, she'd tell you she's become a bit of an evangelist about it.
Jennifer Lynn Walker
Welcome back to the Cybersecurity Evangelist. I'm Jennifer Lynn Walker, your host and evangelist.
Dena Temple Roston
This is from her cybersecurity podcast. We edit the music. She's now the director of cyber defense at something called the Water Information Sharing and Analysis Center, known as WaterISAC for short. It's essentially an industry association that helps water treatment facilities work on their cybersecurity.
Jennifer Lynn Walker
I am watching threats and vulnerabilities across the water and wastewater sector. I should probably pull up our mission statement.
Dena Temple Roston
So when something unusual happens, she notices. Like this thing that happened in November 2023.
Jennifer Lynn Walker
This morning, a cyber group is taking credit for breaching a water treatment plant in Pennsylvania.
Dena Temple Roston
Her mind went into overdrive.
Jennifer Lynn Walker
What happened was this targeted thinking. Is there anything else going on? You know, what's being said, how it's.
Dena Temple Roston
What she didn't know yet was that this would become a case study in modern hacktivism. The target was a small treatment facility about 18 miles northwest of Pittsburgh. So tell me about the Aliquippa Water Authority.
Jennifer Lynn Walker
Aliquippa, I mean, it's a small water utility.
Dena Temple Roston
It's in Beaver County, Pennsylvania, and it serves about 15,000 people.
Jennifer Lynn Walker
That is small. But it doesn't matter how big or how small you are. It's what you have and data and. Or devices.
Dena Temple Roston
Because in cyber attacks, size isn't the strategy. Access is. In other words, a lot of the time, these attacks aren't about how big a plant is or even where it's located. Instead, it's about who makes the systems they're running, what kind of software they're using, what industrial control system is making
Jennifer Lynn Walker
the whole operation run pumps and machinery and components that run the water plant. And those thoughts are coming through, you know, at light speed,
Dena Temple Roston
Because Jennifer works on these kinds of problems for the WaterISAC, she got pulled in to help, and before she knew it, she was in a Zoom meeting with a bunch of state and federal officials, with the manager of Aliquippa talking them through what had happened.
Jennifer Lynn Walker
The general manager received a phone call from an operator. They had gotten an alert, and the
Dena Temple Roston
alert said that one of the devices that allowed the plant to monitor water pressure remotely was now flashing a strange message on its screen.
Jennifer Lynn Walker
He didn't use the term defacement, but it had a message on it that said that it was from the Cyber Avengers.
Dena Temple Roston
The Cyber Avengers. It's an Iranian hacktivist group. And their message made clear why they had chosen to target this obscure, tiny little water facility.
Jennifer Lynn Walker
The message said, anything that was made in Israel, any components that were made in Israel, they were going to target these.
Dena Temple Roston
There's something about hacking water treatment plants that feels like a Hollywood movie. It's the kind of threat that feels cinematic until you realize it's not. Holy Christ.
Gil Messick
We're going to need some more FBI guys.
Dena Temple Roston
I guess it just seems more sinister than your average Cyber attack. Because the thing they're attacking is the thing we need to stay alive.
FBI/Secret Service Agent
The FBI and Secret Service cyber units are investigating the hacking of the municipal water supply system.
Jennifer Lynn Walker
Hacking in Pinellas County, Florida. Investigators are trying to hunt down the
Dena Temple Roston
person who tried to poison a public
Jennifer Lynn Walker
water supply treatment plant that serves parts
Dena Temple Roston
of the San Francisco Bay area. And to do damage to a water facility. What the bad guys crack into is the industrial computer systems that control them, often something known as programmable logic controllers or PLCs. Think of them as the computers that run the physical world, and they're used to monitor and run various operations in the water treatment process. Things like chemical additives, flow control, water pressure.
Jennifer Lynn Walker
You know, at any given time, if the pressure is too high, it could break pipes or, you know, that could lead to other issues. If it's too low, then, you know, you wouldn't get water to your community.
Dena Temple Roston
We talk a lot about hackers who launch cyber attacks using some coded weapon they've built, malware they've put together, or a backdoor that they've created. The Cyber Avengers hack on the water treatment plant wasn't like that. It was much simpler. All they appeared to have done is scan the Internet looking for people who were using the factory defaults on a particular kind of programmable controller. They wanted to find any PLC made by a company named Unitronics.
Gil Messick
Unitronics is a public company with a strong international presence in more than 60 countries.
Dena Temple Roston
And what made them focus on this one particular company? Well, Cyber Avengers is linked to Iran's Islamic Revolutionary Guard Corps. So perhaps it's no surprise that they targeted Unitronics not because of the systems it used, but because of where it was based in Israel. In other words, this wasn't about technology. It was about politics. You could be forgiven for never having heard of the Cyber Avengers. They've only been around since 2020. Though they're linked to the Iranian government, they don't appear particularly skilled in the dark arts of hacking. Their primary mission seems to be just to stir the pot, to make political points. And maybe because they are more lucky than good, they lie a lot. In October 2023, for example, they posted a promotional countdown video on Telegram. The group said it would be unveiling one of the greatest cyber attacks on Israel infrastructure ever. And then the next day, they claimed to have infiltrated 10 water treatment facilities there. They posted information they claimed they'd exfiltrated from the plants. But none of it was true. The real story came later, and it was much less dramatic. What they did instead, about a month later, is go after those water treatment plants in Pennsylvania. And it turns out finding their targets was child's play. All they had to do is use a search engine to find companies using
Jennifer Lynn Walker
Unitronics controllers that was easily discoverable through open sources.
Dena Temple Roston
They scan the Internet and look for people who had this particular thing, right?
Jennifer Lynn Walker
Exactly.
Dena Temple Roston
And then once they'd identified the Unitronics PLCs, they looked for the ones that still had the factory presets in place, and in particular the factory default password, which was, and this is now public, the very complicated numerical combination of 1111
Jennifer Lynn Walker
when the manufacturer ships the device, just like they would ship your thermostat or your connected truck or, you know, truck toy or something like that.
Dena Temple Roston
And that's the part where they say in the instructions, please change the password.
Jennifer Lynn Walker
And someone doesn't Absolutely, yes. Yes.
Dena Temple Roston
So it was really something as simple as that?
Jennifer Lynn Walker
It was really something as simple as that.
Dena Temple Roston
That's crazy. It turns out that the Aliquippa water plant wasn't the only facility running Unitronics PLCs with a default password. When we come back, hackers are taking aim not just at the most obvious targets like water treatment plants, but also places you wouldn't expect. Places that feel almost irrelevant to global conflict. Stay with us.
Dena Temple Roston
Oh, I can't wait to see you. This is from an open mic night at the Full Pint Beer. It's a brewery located about half an hour from the Aliquippa Water Treatment facility. And good beer here, Good beer service. Well, Full Pint was also attacked by the Cyber Avengers, which just seemed so random. Water treatment facilities? Sure, that makes sense. But a local craft brewery known for trivia nights and live music felt almost absurd. This is a song that I that
Gil Messick
my sister and I wrote in 1994.
Dena Temple Roston
Turns out this unassuming local bar, unbeknownst to them, had tiptoed into a global political fight. Breweries obviously need water, and thus water controllers. And you guessed it, they had the Unitronics PLC in their system. And when the folks at Full Pint came to find out that they'd been attacked by some kind of political hacktivist trying to get even with Israel, they seemed sort of bemused. They didn't want to talk to us on the record about it, but they did make the hack public on their Facebook page. "Ugh," their message begins. "The brewery control system received a cyber attack over the weekend. We're working to restore things to working order. Thank goodness for backups." They helpfully included a picture of the Cyber Avengers message. "You have been hacked," it reads. "Down with Israel." And then they basically said in broken English that they believed anything made in Israel was a legitimate target. I asked Jennifer if she saw any deeper meaning in the fact that the Cyber Avengers had decided to target both water and beer.
Jennifer Lynn Walker
I knew it just had nothing more to do than, you know, what, the fact that they were running the same type of component.
Dena Temple Roston
Right. So if it was a pretzel factory, too, it might be a conspiracy, potentially.
Jennifer Lynn Walker
I mean, no water, no beer. I mean, no pretzels.
Dena Temple Roston
It was almost as if the Cyber Avengers were sending not just a political message, but an I Love the Simpsons message too.
FBI/Secret Service Agent
Looks like there's beer coming out of the chimney.
Jennifer Lynn Walker
I am proceeding on foot, calling a code A.
FBI/Secret Service Agent
We need pretzels. Repeat, pretzels.
Dena Temple Roston
According to cyber security firm SentinelOne, the Cyber Avengers Unitronics campaign didn't make much of a splash because there weren't that many devices for them to exploit. SentinelOne did a search of controllers and came up with just about 1800 Unitronics PLCs that were connected to the Internet and reachable globally. And about 280 of them were the kind in use at the Municipal Water Authority of Aliquippa. There was the potential for a lot of other industries to get mixed up in this. The Unitronics controllers are used in energy, food, and healthcare manufacturing, which means this could have spread far beyond water or beer. Though Jennifer Lynn Walker said it isn't just a Unitronics problem. Literally any system that's on a network could be vulnerable.
Jennifer Lynn Walker
The message is, don't stop at Unitronics. Look at the other devices. Check all of your PLCs, especially the ones that are connected to the Internet, and remove them from the Internet if you really don't need them to be connected.
Dena Temple Roston
Iranian hackers have been waging these kinds of shadowy cyber attacks against Israel for years. There are literally dozens of Iranian hacker groups with names like Karma or Muddy Waters, with apologies to the Chicago blues. What appears to have changed isn't the multitude of hacking groups. It's how they're showing signs of sophistication. While the Cyber Avengers so far have been relatively harmless, there are many groups that have done real damage, and increasingly so. And few people have watched this as closely as Gil Messick. He's the chief of staff at a cybersecurity company called Checkpoint. So let me just ask you, how long have you been sort of tracking Iranian threat actors?
Gil Messick
When have we not? Iran is probably the most prominent cyber offensive player in the region and one of the biggest in the world.
Dena Temple Roston
But Gil says over the past two years, Iranian hackers have been changing. They're cracking into security cameras in Israel and stepping up their regional espionage operations.
Gil Messick
You could see them mostly in government agencies or ministries. You could see them in areas or companies which host large amounts of data.
Dena Temple Roston
And they're starting to deploy malware that is leaps and bounds better than what they used to have in the past. They have malware that doesn't just infiltrate networks, but actually maps them out too, which can help if you're planning a future attack. They've also found ways to customize it so they can steal huge amounts of data and leave hardly a trace. And Gil, for his part, says he thinks he knows why this is happening now. Ukraine has turned out to be a testbed.
Gil Messick
The war in Ukraine was a greenhouse for many cyber trends.
Dena Temple Roston
Ukraine's IT army codified the use of activist hackers. They recruited IT professionals from around the world and then encouraged them to hack Russia.
Gil Messick
Whatever happens in one war is being imitated and to some extent, improved in a different war. We're learning from this as what we call referring cyber defenders. But hackers are also learning from this as well. And you could see in their forums that they're sharing information and sharing experiences, and they're sharing capabilities. They're doing all these things.
Dena Temple Roston
And while Ukrainian hacktivists didn't have any epic hacks, U.S. officials say they did something almost as important. They kept Russia's hackers on the back foot, defending instead of attacking. And that's certainly happening now in Israel, as hacker groups backed by Iran or Hamas or Hezbollah attack both Israel and its allies in ways both big and small. There is one hacking group in particular that he's been focused on.
Gil Messick
Now. The most prominent One is called Cybertufan Cyber 2 Fund.
Dena Temple Roston
It made a name for itself by hacking into an Israeli website hosting service called Signature It. It stores, among other things, the Israel state archives and dozens of the nation's retailers. Cybertufan hackers shut many of the sites down.
Gil Messick
Think of an Israeli version of Home Depot that for over a weekend, didn't have a website for online shopping, which is quite significant.
Dena Temple Roston
The group then posted the names, email addresses, and personal information of millions of Israeli customers on Telegram.
Gil Messick
The list of victims were very, very large.
Dena Temple Roston
And then Cybertufan published a kind of manifesto, a decree on why they had chosen to hack the companies they hacked to ensure that no one thought it
Gil Messick
was random, why it's so important in Israel, why we had to. Why they attacked them, and also to link it to specific actions that happened in the war.
Dena Temple Roston
When Cybertufan threatened to leak data of an Israeli medical company, it posted something on Telegram that said it was retribution for a very specific thing. We attacked this medical company, they said, because Prime Minister Benjamin Netanyahu and IDF forces had, quote, bombed our hospitals. Sometimes the hacks are more personal and even sinister. Back in October 2023, after Hamas stormed the border with Israel and took hundreds of hostages back to Gaza, the group took aim at the families of the people they had taken.
Gil Messick
They sent them a text message, a designated text message saying, hi, we have captured your son or daughter. If you want to communicate with them, press this link. Write here your name, your email, and the message you want to send them, and click here.
Dena Temple Roston
But if they clicked, they didn't connect with their loved ones. Instead, it would download malware to their phones.
Gil Messick
If you would click it, then you could see that this was another way to basically exfiltrate information from the people who were victims of this attack.
Dena Temple Roston
And how much after the kidnapping did that happen?
Gil Messick
About a month.
Dena Temple Roston
Gil said it's the details here that make the effort remarkable. It means that Cybertufan hackers know the personal phone numbers of individuals. They could connect specific family members to specific hostages, and that takes a lot of preparation and legwork.
Gil Messick
Not the most sophisticated thing we've seen, but the level of details, the level of. Also of cruelness. In a way, this is something which is most alarming to me. So, as. As. As you know, as experts in cyber security, this is not the most advanced cyber security cyber attack we've seen, but on a human level, that's pretty harsh.
Dena Temple Roston
And Gil says this is only the beginning. The Russian invasion of Ukraine is seen as the world's first truly hybrid war in which cyber weapons have been wielded right alongside more traditional ones. So we've only just started to understand what a hybrid war actually looks like.
Gil Messick
And I'm sure that in the next war, then somebody else will learn from the lessons of this war and try to be better and greater.
Dena Temple Roston
And that means what feels new now won't stay that way for long. This is Click Here. Click Here is a production of Recorded Future News and PRX. Today's show was written and produced by Megan Dietrich, Sean Powers, Erica Gaeda, Sarah Zach Hirsch and Casey Georgie. It was edited by Karen Duffin and Sarah Cavato and fact-checked by Darren Ancrum. Original music is by Ben Levingston with additional music from Blue Dot Sessions. Our staff writer is Lucas Riley, our illustrator is Megan Goff, and our sound designers and engineers are Jake Cook and Jesse Niswonger. I'm Dena Temple-Raston and thanks for listening.
Podcast: Click Here (Recorded Future News)
Episode Date: March 20, 2026
Host: Dena Temple-Raston
Main Guests: Jennifer Lynn Walker, Gil Messick
Theme: The realities, motivations, and methods behind recent Iranian hacktivist cyberattacks—targeting not just high-profile organizations, but critical infrastructure and even unlikely places like breweries—as modern warfare is waged in cyberspace.
This episode of "Click Here" delves into the overlooked frontlines of modern conflict: cyberspace. Host Dena Temple-Raston investigates how Iranian hacktivist groups, particularly the Cyber Avengers and Cybertufan, have expanded their targets from state agencies to small municipal facilities and even craft breweries—often motivated as much by politics as by opportunity. The episode explores what makes certain targets vulnerable, how simple security oversights can lead to international incidents, and how the tactics of cyberwar are evolving, especially under the influence of recent global conflicts like the war in Ukraine.
In November 2023, a small water treatment plant near Pittsburgh was breached by the Iranian-linked group Cyber Avengers.
The breach involved a programmable logic controller (PLC) flashing a message from the hackers. Their motivation? To target any facility using Israeli-made components (specifically those by Unitronics).
Notable Quote – Jennifer Lynn Walker [07:43]:
“That is small. But it doesn't matter how big or how small you are. It's what you have and data and... or devices.”
Cyber attacks like this don’t depend on the size or prominence of the target but on accessible vulnerabilities.
The Cyber Avengers’ method was straightforward: they scanned the Internet for Unitronics PLCs with default passwords (“1111”).
Notable Exchange:
This particular weakness—factory default credentials—means industries beyond water could be at risk.
Gil Messick from Checkpoint notes Iranian hackers are growing in sophistication, learning from recent conflicts like the war in Ukraine to enhance their capabilities and tactics.
Notable Quote – Gil Messick [22:47]:
“Iran is probably the most prominent cyber offensive player in the region and one of the biggest in the world.”
New trends include attacks on government agencies, advanced mapping malware, and data theft that’s harder to detect.
This summary captures the episode’s core stories and themes, with selected quotes, key insights, and segment timings—giving new listeners a full picture of the conversation and its significance in today’s cyber landscape.