Podcast Summary: "The other battlefield"
Podcast: Click Here (Recorded Future News)
Episode Date: March 20, 2026
Host: Dena Temple-Raston
Main Guests: Jennifer Lynn Walker, Gil Messick
Theme: The realities, motivations, and methods behind recent Iranian hacktivist cyberattacks—targeting not just high-profile organizations, but critical infrastructure and even unlikely places like breweries—as modern warfare is waged in cyberspace.
Overview of the Episode
This episode of "Click Here" delves into the overlooked frontlines of modern conflict: cyberspace. Host Dena Temple-Raston investigates how Iranian hacktivist groups, particularly the Cyber Avengers and Cybertufan, have expanded their targets from state agencies to small municipal facilities and even craft breweries—often motivated as much by politics as by opportunity. The episode explores what makes certain targets vulnerable, how simple security oversights can lead to international incidents, and how the tactics of cyberwar are evolving, especially under the influence of recent global conflicts like the war in Ukraine.
Key Discussion Points & Insights
1. Weaponizing Cyberspace for Political Retaliation
[00:32–01:40]
- On March 11, global medical device manufacturer Stryker suffered a major cyberattack. Unlike typical ransomware, the attackers attempted to wipe systems clean, focusing on destruction rather than profit.
- The pro-Iranian group Handela claimed responsibility, citing it as retaliation for a deadly U.S. airstrike in Iran.
- Insight: The episode frames these attacks as signaling a shift—cyberwar is "no longer hypothetical." Iranian hackers are targeting less obvious, sometimes mundane, entities to make points or sow chaos.
2. Jennifer Lynn Walker: The Cybersecurity Evangelist
[05:24–06:52]
- Jennifer Lynn Walker, director at WaterISAC (an industry cybersecurity association for water utilities), recounts her career from early cyber enthusiast to sector-focused defender.
- Notable Quote – Jennifer Lynn Walker [05:47]:
“I've always been an early adopter in any of the cyber things. Did the malware analysis thing before that was really a thing. Cyber threat intel, before that was a thing.”
3. Anatomy of a Hacktivist Attack: Aliquippa Water Authority
[06:59–09:27]
- In November 2023, a small water treatment plant near Pittsburgh was breached by the Iranian-linked group Cyber Avengers.
- The breach involved a programmable logic controller (PLC) flashing a message from the hackers. Their motivation? To target any facility using Israeli-made components (specifically those by Unitronics).
- Notable Quote – Jennifer Lynn Walker [07:43]:
“That is small. But it doesn't matter how big or how small you are. It's what you have and data and... or devices.”
- Cyber attacks like this don’t depend on the size or prominence of the target but on accessible vulnerabilities.
4. The Simplicity of Many Industrial Hacks
[10:07–13:59]
- The Cyber Avengers’ method was straightforward: they scanned the Internet for Unitronics PLCs with default passwords (“1111”).
- Notable Exchange:
  - Dena [13:22]: “So it was really something as simple as that?”
  - Jennifer: “It was really something as simple as that.”
- This particular weakness—factory default credentials—means industries beyond water could be at risk.
5. Accidental Entrants: The Brewery Hack
[18:08–20:24]
- The Full Pint Beer brewery, located near the Aliquippa plant, was also attacked simply because it used the same vulnerable Israeli PLC.
- The brewery’s public announcement of the hack was met with bemusement, highlighting the randomness when attacks are based on technology signatures rather than deliberate targeting.
- Notable Commentary – Dena Temple-Raston [18:53]: “Turns out this unassuming local bar, unbeknownst to them, had tiptoed into a global political fight.”
6. Beyond Water: The Larger Industrial Impact
[20:46–21:59]
- SentinelOne research found about 1,800 Internet-connected Unitronics PLCs globally; the vulnerability is not confined to water plants.
- Notable Advice – Jennifer Lynn Walker [21:40]:
“Don't stop at Unitronics. Look at the other devices. Check all of your PLCs, especially the ones that are connected to the Internet, and remove them... if you really don't need them to be connected.”
7. The Evolving Tactics of Iranian Hackers
[21:59–23:46]
- Gil Messick from Check Point notes Iranian hackers are growing in sophistication, learning from recent conflicts like the war in Ukraine to enhance their capabilities and tactics.
- Notable Quote – Gil Messick [22:47]:
“Iran is probably the most prominent cyber offensive player in the region and one of the biggest in the world.”
- New trends include attacks on government agencies, advanced mapping malware, and data theft that’s harder to detect.
8. Ukraine as a Testing Ground and Cyber Lessons
[23:46–24:29]
- The war in Ukraine inspired both defenders and attackers; tactics roll over from one conflict to another.
- Notable Quote – Gil Messick [23:46]:
“The war in Ukraine was a greenhouse for many cyber trends.”
9. The Human Dimension: Cybertufan’s Cruel Tactics
[24:55–27:35]
- The group Cybertufan targeted Israeli web hosting services, posting customers’ personal info as retribution for Israeli military actions.
- More sinister, after Hamas kidnapped Israeli hostages in October 2023, hackers texted families with malicious links posing as messages from loved ones—aiming to steal sensitive data.
- Notable Quote – Gil Messick [27:35]:
“Not the most sophisticated thing we've seen, but the level of details, the level of... cruelness. In a way, this is something which is most alarming to me.”
10. The Future of Hybrid Warfare
[28:01–28:26]
- The Russian invasion of Ukraine is cited as the world’s first true "hybrid war," seamlessly weaving cyber and kinetic attacks.
- Each conflict accelerates the learning curve for both cyber defenders and attackers.
- Notable Quote – Gil Messick [28:18]:
“In the next war, then somebody else will learn from the lessons of this war and try to be better and greater.”
Notable Quotes & Memorable Moments (With Timestamps)
- [05:47] Jennifer Lynn Walker: “I've always been an early adopter in any of the cyber things. Did the malware analysis thing before that was really a thing. Cyber threat intel, before that was a thing.”
- [07:43] Jennifer Lynn Walker: “That is small. But it doesn't matter how big or how small you are. It's what you have and data and... or devices.”
- [13:59] Jennifer Lynn Walker: “It was really something as simple as that.”
- [18:53] Dena Temple-Raston: “Turns out this unassuming local bar, unbeknownst to them, had tiptoed into a global political fight.”
- [21:40] Jennifer Lynn Walker: “Don't stop at Unitronics. Look at the other devices. Check all of your PLCs, especially the ones that are connected to the Internet, and remove them... if you really don't need them to be connected.”
- [22:47] Gil Messick: “Iran is probably the most prominent cyber offensive player in the region and one of the biggest in the world.”
- [23:46] Gil Messick: “The war in Ukraine was a greenhouse for many cyber trends.”
- [27:35] Gil Messick: “Not the most sophisticated thing we've seen, but the level of details, the level of... cruelness. In a way, this is something which is most alarming to me.”
- [28:18] Gil Messick: “In the next war, then somebody else will learn from the lessons of this war and try to be better and greater.”
Timestamps for Key Segments
- 00:32 — The Stryker cyberattack and the rise of Iranian-linked hacktivism
- 05:24 — Introduction to Jennifer Lynn Walker and WaterISAC
- 06:59 — The Aliquippa Water Authority hack: anatomy of a modern hacktivist operation
- 10:07 — How hackers target industrial facilities using simple vulnerabilities
- 13:22 — The critical role of default credentials
- 18:08 — A brewery’s unlikely brush with international cyberwar
- 21:59 — Broader implications: industrial vulnerabilities, advice for defenders
- 22:47 — Insights from Gil Messick on Iranian cyber evolution
- 23:46 — The Ukraine war: cyber lessons for the world
- 24:55 — Cybertufan’s campaign: from web defacement to targeting hostages’ families
- 28:01 — The dawn of hybrid war and what comes next
Episode Tone and Takeaways
- The episode is urgent yet accessible, explaining technical concepts in plain language and emphasizing human stories.
- Main takeaway: The digital battlefield is everywhere. Political motives can make unlikely targets, like small utilities and breweries, a part of global conflict.
- Simple security lapses—like unchanged default passwords—open doors to sophisticated and unsophisticated attackers alike.
- Warfare is evolving; the lines between nuisance hacktivism and impactful cyberattacks are blurring, driven by lessons from recent conflicts.
- Final Reflection: What happens abroad in warfare and politics can have real-world, local, and sometimes unexpected digital consequences far from the front lines.
This summary captures the episode’s core stories and themes, with selected quotes, key insights, and segment timings—giving new listeners a full picture of the conversation and its significance in today’s cyber landscape.
