Category: Threats

  • Leaked Files Expose Iranian Charming Kitten Operations (Cont.)

    On 28 October 2025, researcher Nariman Gharib detailed leaked CSV files reportedly tied to Charming Kitten containing domain registrations, hosting activity, payment records, and operational email infrastructure spanning 2023 to 2024, along with references to Iranian telecom blocks and suspected IRGC-aligned procurement channels. The disclosure appears to map core service providers, cryptocurrency-based payments, and active operator accounts used to support phishing and infrastructure rotation.

    Analysis: If authentic, these files provide actionable insight into Charming Kitten’s procurement and infrastructure lifecycle, including financial flows and service dependencies that could accelerate attribution, blocking, and proactive disruption. Public exposure of operators, service vendors, and domestic network blocks may pressure Tehran’s cyber units to retool, yet historical behavior suggests Iran will likely maintain tempo and diversify infrastructure rather than cease activity. This case underscores the importance of tracking adversary logistics and payment mechanisms as a means of degrading persistent state-aligned access operations.

  • US Intelligence Support Amplifies Ukraine’s Deep Strike Campaign On Russian Energy Infrastructure

    A recent Financial Times report revealed that the US has quietly provided intelligence support to enable Ukraine’s long-range strikes on Russian energy infrastructure, representing a significant evolution in the strategic landscape of the war. This isn’t just about Ukraine landing successful drone or missile strikes. It’s about deliberately going after the economic base that keeps Russia’s war machine running.

    According to the reporting, US intelligence has played a central role in shaping Ukraine’s route planning, timing, and target prioritization. This has allowed Ukrainian forces to bypass layers of Russian air defense and strike energy assets far beyond the frontline. Over the last few months, at least 16 of Russia’s 38 oil refineries have been hit, disrupting more than one million barrels per day of refining capacity. These strikes have forced Moscow to cut diesel exports and rely more on imports, tightening supply chains across sectors vital to its economy and military.

    Flames and smoke rise from a Russian oil refinery after a Ukrainian drone strike in October 2025, part of a US-backed campaign targeting energy infrastructure. Source: The Moscow Times

    The operation points to a deliberate shift in US strategy. Rather than direct military engagement, the US appears to be enabling Ukraine to impose economic costs through precision strikes on energy infrastructure. These assets are crucial to financing and sustaining Russian military operations. By degrading this capacity, Ukraine is eroding the Kremlin’s ability to wage a prolonged war.

    The timing is notable, too. The escalation in intelligence sharing reportedly followed a July conversation between President Donald Trump and President Volodymyr Zelenskyy, signaling a change in Washington’s willingness to support deeper strikes. This is a departure from earlier caution, signaling a move toward indirect pressure on Moscow, as opposed to direct escalation.

    The operational implications are just as significant. Ukraine has combined improved domestic drone production with high-quality targeting data to achieve strategic effects once reserved for major powers. This model of intelligence-enabled, long-range strikes highlights how modern warfare increasingly relies on precision, adaptability, and economic disruption rather than massed forces alone.

    In the months ahead, Russia is likely to face mounting financial pressure as repeated strikes force expensive repairs, disrupt production cycles, and strain export revenue. Even if individual facilities recover, the cumulative effect of sustained targeting will weaken Moscow’s economic resilience. This campaign is designed to shift the balance through systemic pressure on the Kremlin’s capacity to sustain its war.

    References:
    https://www.ft.com/content/f9f42c10-3a30-4ee1-aff7-3368dd831c8c
    https://www.themoscowtimes.com/2025/10/12/us-intelligence-helps-ukraine-strike-russian-energy-infrastructure-ft-a90789
    https://www.nytimes.com/2025/10/13/world/europe/ukraine-drones-russia-oil-refineries.html

  • Adversaries Intensify Scanning and Brute Force Activity Against Perimeter Devices

    On 3 October 2025, GreyNoise reported a ~500% increase in unique IPs scanning Palo Alto Networks GlobalProtect/PAN-OS login portals, the highest level in 90 days; open-source coverage between 4–8 October corroborated elevated reconnaissance volumes and noted US-heavy scanning with additional clusters hitting Pakistan. In parallel, Cisco has warned of a large-scale brute-force campaign against VPN, web auth, and SSH services tracked by Talos since 18 March 2024, with active exploitation of Cisco ASA/FTD VPN web services disclosed on 25 September 2025.

    Analysis: The GlobalProtect scan spike is highly likely preparatory reconnaissance for credential-stuffing or exploit development rather than noise, based on the scale and concentration GreyNoise reported. It is likely that cross-vendor VPN and portal infrastructure will face elevated probing in the near term given the concurrent, actively exploited Cisco ASA and FTD web-services flaws and the US government’s emergency order on 25 September 2025 requiring agencies to immediately hunt for and mitigate compromise on those Cisco ASA/FTD devices.

  • Chinese Military Modernization & Regional Security: Intelligence Summary

    6 September 2025 – 13 September 2025

    China Criticizes Canadian And Australian Warships Transiting Taiwan Strait – 6 SEPT 2025

    Reuters (BEIJING) – Beijing criticized the passage of Canadian and Australian warships through the Taiwan Strait, framing the transit as provocation. The People’s Liberation Army (PLA) monitored and issued warnings as the allied vessels conducted a routine passage, marking the first such joint transit by Canberra and Ottawa. Source: (Reliability: Very High)

    Analysis: It is likely that Beijing will intensify diplomatic protests and military shadowing in response to the growing number of allied transits, but it is unlikely that China will attempt direct interdiction in the near term, as escalation risks remain high. (Analytic Confidence: Moderate)

    Comment: By joining the U.S. and U.K. in conducting Taiwan Strait passages, Australia and Canada add weight to a growing allied pattern by the West that makes it more difficult for Beijing to depict these operations as isolated provocations.

    A Chinese Navy ship shadows HMAS Brisbane during a joint naval activity in the South China Sea, 3 September 2025. The Guardian

    FBI Adapts Hunt Methods For Salt Typhoon And Volt Typhoon – 10 SEPT 2025

    Cyberscoop (WASHINGTON) – Major intrusions into U.S. telecommunications groups and infrastructure by Chinese groups Salt Typhoon and Volt Typhoon have forced changes in FBI hunting tradecraft, reflecting persistence on critical networks and adaptation to stealthy techniques. An FBI official noted that the two groups have improved their tactics and methods. Source: (Reliability: High)

    Analysis: It is likely that People’s Republic of China (PRC) state actors will sustain cyber operations against critical U.S. and allied infrastructure, with campaign tempo increasing as Taiwan tensions escalate. (Analytic Confidence: Moderate)

    Taiwan Minister Warns of ‘Domino Effect’ if China Takes Island – 12 SEPT 2025

    Reuters (WASHINGTON) – Chiu Chui-cheng, head of Taiwan’s Mainland Affairs Council, warned that China’s growing military activity and refusal to renounce force against Taiwan suggests that Beijing might be preparing for war. Chiu argues that if Taiwan were to fall, it could trigger a “domino effect” destabilizing the Asia-Pacific and directly threatening U.S. influence and security. Source: (Reliability: Very High)

    Analysis: It is highly likely that Taiwan and its foreign partners will increase diplomatic and military signaling in response to China’s rhetoric, to deter further escalation. (Analytic Confidence: High)

    Philippines Protests PRC “Nature Reserve” Plan At Scarborough Shoal – 12 SEPT 2025

    The Diplomat (WASHINGTON) – Manila filed a diplomatic protest over Beijing’s plan to designate a nature reserve at Scarborough Shoal, warning it could serve as a pretext for occupation of the contested feature. Source: (Reliability: High)

    Comment: Environmental framing has emerged as a recurring tool for Beijing to justify administrative control at disputed features while complicating counter-messaging by claimant states.

    China’s Third Carrier Fujian Departs Shanghai; Detected Near Senkaku Islands – 13 SEPT 2025

    The Diplomat (WASHINGTON) – The People’s Liberation Army Navy (PLAN) carrier Fujian departed Jiangnan Shipyard on 10 September 2025. Japan’s Joint Staff detected the Fujian and two destroyers roughly 200 km northwest of the Senkaku Islands, heading southwest. Source: (Reliability: High)

    Analysis: It is highly likely that the PLAN intends to conduct Fujian’s first long-range trial deployment within weeks, signaling advancing carrier readiness and pressuring Japan’s near seas defense posture. (Analytic Confidence: High)

    China’s third aircraft carrier, the Fujian, in the East China Sea, 11 September 2025. Japanese Ministry of Defense
  • Russian MiG-31s Violate NATO Airspace

    Summary: On 19 September 2025, three Russian MiG-31 fighters violated Estonian airspace near Vaindloo Island, remaining inside NATO territory for about twelve minutes before being intercepted by Italian F-35s deployed under NATO’s Baltic Air Policing mission. The aircraft entered without flight plans, had their transponders off, and failed to communicate with air traffic control, prompting a rapid NATO response.

    Estonia reported the jets penetrated up to five nautical miles into its territory. NATO officials framed the incident as another deliberate provocation, testing alliance readiness along the eastern flank. Reports indicate these MiG-31s were carrying Kinzhal hypersonic missiles during the incursion.

    Analysis: Russia is deliberately testing the NATO alliance by sending strategic assets into allied territory to measure response times and resolve. Putin likely views NATO’s restraint as an opportunity to exploit through unconventional warfare and hybrid tactics. These incidents are also likely to shape his perception of alliance weakness, influencing decisions in possible future conflicts in the Baltics or APAC region.

    Sources

    Reuters: https://www.reuters.com/business/aerospace-defense/nato-member-estonia-says-three-russian-jets-violated-its-airspace-2025-09-19/

    AP News: https://apnews.com/article/443df0c37ff2254fcc33d5425e3beaa6

    Türkiye Today: https://www.turkiyetoday.com/world/3-russian-jets-enter-estonian-airspace-nato-scrambles-f-35s-3207176

  • Disrupting Cartels: A Multi-Approach Strategy

    Military raids and high-profile arrests make headlines, but they do not end the business of cartels. Mexican and South American trafficking organizations operate like multinational corporations: diversified revenue streams, global supply chains, and deep local recruitment pipelines. Long-term disruption will require a different approach. The US must pursue strategies that make the cartel business model financially unsustainable and logistically difficult. This means combining proven tactics with fresh ideas.

    The points below are presented as broad concepts to help spark discussion, rather than full write-ups. Bullet points allow the ideas to be absorbed quickly, keep the focus on the main themes, and give room for others to share their perspectives or expand on them with their own insights.

    Hit the Money

    Cartels are profit-driven, so hitting their finances directly is one of the most effective tactics.

    • Sanctions: Use the Foreign Narcotics Kingpin Act and related tools to freeze assets and bar cartel associates from the global financial system.
    • AML enforcement: Monitor wire transfers, front companies, trade-based laundering, and crypto flows.
    • Asset forfeiture: Seize properties, accounts, and equipment tied to trafficking.
    • Gatekeeper accountability: Extend AML requirements to lawyers, accountants, and company formation agents who unintentionally aid laundering.
    Source: https://www.fbi.gov/news/stories/operation-targets-sinaloa-drug-cartel-

    Pressure the Supply Chains

    Without precursor chemicals, weapons, and reliable transport, cartel profits collapse.

    • Precursor controls: Tight licensing, end-user declarations, and transaction reporting for fentanyl and meth ingredients.
    • Transport disruption: Increase inspections at land, sea, and air points. Use risk-scoring for parcels and coordinated seizures to impose losses.
    • Weapon flow prevention: Enforce straw purchase laws, track high-volume ammo sales, and inspect southbound cargo for firearms.
    Map illustrating the flow of fentanyl precursors from China to the U.S., Mexico, and Canada, highlighting the trafficking routes used by drug cartels. Source: https://www.heritage.org/china/report/holding-china-and-mexico-accountable-americas-fentanyl-crisis

    Strengthen Law Enforcement and Legal Tools

    Treat cartels as the national security threat they are.

    • Legal designations: Label major cartels as Foreign Terrorist Organizations to unlock broader prosecution authorities.
    • Multi-charge prosecutions: Use corruption, extortion, racketeering, and terrorism statutes alongside drug laws.
    • Joint task forces: Expand US-Mexico intelligence-sharing, vetted police units, and targeted extraditions.

    Undercut Recruitment

    Cartels can replace jailed or killed members quickly. Cutting off their manpower is essential.

    • Economic investment: Develop infrastructure, job opportunities, and vocational training in high-risk regions.
    • Community programs: Support local leadership, protect activists, and fund youth initiatives.
    • Public messaging: Counter the narco “glamor” with real accounts of cartel life and its short, violent reality.
    • Exit pathways: Offer reduced sentences or amnesty for low-level members who defect.
    Map illustrating the narcotics trafficking flows and operational zones of major cartels in Mexico, highlighting cities of concentration and ports of entry. Source: https://www.start.umd.edu/tracking-cartels-infographic-series-major-cartel-operational-zones-mexico

    Leveraging Technology and Intelligence

    Modern cartels use drones, encrypted comms, and cyber tools; the response must be smarter.

    • Surveillance: Deploy drones, thermal imaging, and satellite analytics to detect labs, routes, and cultivation sites.
    • Data analysis: Use AI to flag suspicious trade, travel, or financial activity linked to trafficking networks.
    • Cyber disruption: Infiltrate encrypted networks, disable cartel IT infrastructure, and track crypto transactions.
    • Fusion centers: Integrate federal, state, and Mexican partners to rapidly act on shared intelligence.
    Members of the Jalisco New Generation Cartel in Michoacán State, Mexico, in 2022. Source: https://www.nytimes.com/2025/06/30/world/americas/sinaloa-cartel-mexico.html

    Conclusion

    Cartels are resilient because they operate across multiple domains: finance, logistics, community, and technology. Disrupting one area temporarily hurts them; attacking all at once can slowly erode their power. The US can combine financial sanctions, supply chain disruption, legal pressure, recruitment prevention, and intelligence innovation into a long-term strategy. Success will not be a single decisive victory, but a steady squeeze that makes cartel operations unprofitable and unsustainable.

  • Iranian APTs and the Next Phase of Infrastructure Risk

    In the wake of escalating tensions in the Middle East this past spring, Iranian state-sponsored hackers turned their focus toward a new frontier: US critical infrastructure.

    From May through June 2025, cybersecurity telemetry revealed a 133% surge in Iran-attributed cyber activity targeting US industrial and operational technology (OT) environments. These campaigns hit transportation and manufacturing sectors, but energy and water infrastructure remain long-standing targets. While espionage remains a primary objective, the evidence increasingly suggests Iran is preparing for more overt disruption.

    Strategic Escalation

    Iran’s cyber posture has always mirrored its geopolitical environment. In Spring 2025, that meant responding to Israeli and US airstrikes with asymmetric cyber operations. Groups like APT33 (Elfin), APT34 (OilRig), and MuddyWater (Static Kitten) ramped up traditional espionage, while more aggressive actors like CyberAv3ngers and Fox Kitten (tied to recent Pay2Key.I2P ransomware operations) pursued OT-focused sabotage and ransomware deployment.

    Iran’s messaging through pseudo-hacktivist fronts and deepening ties with ransomware operators clearly framed this activity as retaliation for “Western aggression.” That framing is part of a broader Iranian cyber doctrine that views critical infrastructure compromise as a form of coercion and deterrence.

    In parallel with APT activity, pro-Iranian hacktivists ramped up operations against US defense and critical infrastructure sectors. Groups like “Mr. Hamza” claimed responsibility for defacing and leaking data tied to defense contractors, including Raytheon Technologies (RTX), following US involvement in strikes against Iranian facilities. While attribution remains murky, these operations often mirror Iranian state objectives and timelines, suggesting coordination or at least ideological alignment. The targeting of US DIB entities serves Tehran’s broader goal of projecting reach and retaliation across both digital and strategic domains.

    Pre-Positioning

    Iran’s shift toward OT environments is the most significant development.

    • MuddyWater and APT33 continued to exfiltrate intellectual property from manufacturing and defense-adjacent industries.
    • CyberAv3ngers targeted water control systems and other ICS devices with their custom malware, IOControl, discovered embedded in US and allied OT environments.
    • Fox Kitten evolved into a ransomware-as-a-service operator with an 80% (up from 70%) profit-share for affiliates targeting the US or Israel.

    Alongside collecting information, these actors are also establishing persistence. In many cases, backdoors were quietly planted and left dormant, signaling an intent for future activation should the need arise.

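    Actor         | Affiliation | Focus                                              | Objective
    --------------|-------------|----------------------------------------------------|------------------------
    MuddyWater    | MOIS        | Aerospace & Defense, Utilities, Gov, Civil & NGOs  | Espionage
    APT33         | IRGC        | Aerospace & Defense, Energy, Gov, Healthcare       | Espionage and Access
    CyberAv3ngers | IRGC        | Water, ICS, Finance                                | Disruption
    Fox Kitten    | Unknown     | IT/OT Gateways                                     | Ransomware-as-a-service
    OilRig        | MOIS        | Finance, Gov                                       | Credential Theft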

    Implications for the US DIB

    Iran’s campaigns are displaying a willingness to target logistics, aerospace, and manufacturing suppliers that support US and Israeli defense sectors. The Defense Industrial Base (DIB) should expect more of this, not only from state-sponsored actors, but from criminal or hacktivist affiliates acting on behalf of Iran’s IRGC or MOIS cyber arms.

    Some immediate implications:

    • DIB contractors should hunt for Iranian TTPs and malware like IOControl and DNSpionage.
    • OT segmentation, remote access policies, and endpoint hygiene are foundational.
    • Incident response (IR) planning must include scenario-based escalation modeling: what happens if the access Iran gains today becomes a wiper event tomorrow?

    US Response: Shields Up

    Initially, the federal response may have felt quieter than prior cyber alerts like those during the Ukraine conflict, but the signals were still there.

    On LinkedIn, Jen Easterly, former CISA Director, reactivated the Shields Up mantra within hours of US strikes on Iranian nuclear sites. Her post explicitly warned US critical infrastructure operators to expect:

    • Credential theft and phishing
    • ICS-specific malware
    • Wipers masquerading as ransomware
    • Propaganda-laced hacktivist campaigns

    Easterly urged sectors to segment OT networks, patch internet-facing systems, enforce MFA, rehearse ICS isolation, and actively monitor ISAC channels.

    The various critical infrastructure-related ISACs followed suit. And while no single campaign bannered over the response, the defense posture matched the moment.

    Jen Easterly emphasizes the importance of cybersecurity vigilance for US critical infrastructure in response to recent Iranian cyber activities.

    So What’s Next?

    Iran’s recent activity represents a shift in focus, not necessarily a shift in capability. The targeting of OT environments and critical infrastructure may reflect aspirational doctrine as much as operational readiness. While there’s no conclusive evidence that Iranian actors have staged disruptive payloads in U.S. networks, the direction of their targeting and tooling, particularly the development of ICS and OT-specific malware, suggests a growing interest in operational disruption, and not just information gathering.

    For the US defense and critical infrastructure communities, this creates a clear mandate to prepare for the next phase before it arrives.

    • Monitor beyond the perimeter: Iranian threat actors have historically gained access through default credentials, exposed devices, and lateral movement through flat networks.
    • Expect dual-use operations: Intelligence collection and pre-positioning are not mutually exclusive.
    • Reassess assumptions: Iranian groups are traditionally viewed as less sophisticated than Russian or Chinese APTs, but recent coordination and tooling suggest they’re evolving quickly.

    In short, we’re seeing a doctrinal pivot. Iran is exploring offensive options in OT environments, and testing how far it can go without triggering escalation. This makes detection, attribution, and sector-wide coordination more important than ever.

    References

    https://www.nozominetworks.com/blog/threat-actor-activity-related-to-the-iran-conflict

    https://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol

    https://www.cisa.gov/news-events/news/joint-statement-cisa-fbi-dc3-and-nsa-potential-targeted-cyber-activity-against-us-critical

    https://therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025

  • US-Led Strikes on Iranian Nuclear Sites: Fallout for China’s Influence and Regional Nuclear Strategy

    Background: Operation Midnight Hammer

    On 13 June 2025, Israel launched a surprise air offensive against Iran, bombing a series of nuclear and military installations after alleging Tehran was on the verge of nuclear weapons capability. Over the next week, intense exchanges ensued: Iran’s IRGC retaliated with hundreds of rockets and drones targeting Israeli cities, while skirmishes flared across Syria and Lebanon via Iran-aligned militias. The conflict escalated dramatically on 21 June 2025 when US President Donald Trump announced Operation Midnight Hammer, a US air and missile strike against three of Iran’s most critical nuclear facilities. All three sites (Fordow, Natanz, and Isfahan) were integral to Iran’s nuclear fuel cycle and their selection was evidence of a sweeping effort to cripple Iran’s ability to produce weapons-grade material.

    Notably, both Fordow and Natanz were under IAEA safeguards at the time of the strikes, meaning they were monitored with cameras, periodic inspections, and seals under the terms of Iran’s Comprehensive Safeguards Agreement. While these facilities had enriched uranium up to 60%, they remained within the bounds of Iran’s NPT obligations, though deeply controversial.

    Iran’s immediate response was militarily limited but symbolically charged. In the early hours of 23 June Tehran fired a volley of ballistic missiles at Al Udeid Air Base in Qatar, the largest U.S. base in the Gulf. The attack was preceded by advance warning and ultimately caused no casualties, a fact President Trump pointed to in calling Iran’s response “weak”. Nevertheless, the message was clear: Iran meant to show it could strike American assets in the region. Simultaneously, Iran’s parliament convened an emergency session in which hardline lawmakers voted to authorize closure of the Strait of Hormuz, a move that, if implemented, would choke off 1/5 of global oil shipments. This vote was largely posturing but it demonstrated Iran’s leverage over global energy markets and signaled how far it might go if fighting continued.

    By 24 June, intensive behind-the-scenes diplomacy, reportedly involving Oman, Russia, and China, yielded a fragile ceasefire. President Trump announced that Israel and Iran had agreed to pause hostilities, with Israel phasing out airstrikes and Iran halting missile fire. Israeli warplanes stood down later that day, ending ten days of open warfare. The truce, however, remained shaky. Within hours of the ceasefire taking effect, Iranian proxies in Gaza and Lebanon launched isolated rocket salvos, and an Iranian missile strike landed in the Israeli city of Beersheba, causing civilian casualties.

    For Iran, the outcome was bittersweet. On one hand, it survived the most concerted US-Israeli military action against it in decades; Iran’s leadership even declared victory once the ceasefire held, with Supreme Leader Ali Khamenei boasting that Iran had “slapped the US in the face” by resisting its demands. On the other hand, the physical damage to Iran’s nuclear program was significant. Post-strike satellite imagery showed heavily damaged buildings at Natanz and Fordow, and Western intelligence assessed that Iran’s enrichment capability had been set back by at least a year or two. US officials characterized the strikes as successful in destroying key infrastructure, while also emphasizing that no strike can destroy the knowledge in Iranian scientists’ heads. As the dust settled, Washington dispatched envoys to rally international support for stricter containment of Iran’s nuclear activities, even as Tehran dug in on its right to peaceful nuclear technology. This set the stage for the strategic implications now unfolding in the region, particularly regarding China’s role and the reactions of Iran’s regional rivals.

    Strategic Insights

    • The US strikes jeopardize China’s investments in Iran and undercut Beijing’s role as regional mediator. While China condemned the attacks, it continues backing Iran economically and diplomatically. Beijing is expected to avoid direct confrontation while reinforcing ties to Tehran via energy trade, technology transfer, and coordinated diplomatic resistance to US pressure.
    Satellite image depicting damage to Iran’s nuclear facility following recent US airstrikes.
    • Iran’s nuclear know-how and stockpiles remain intact despite facility damage. If Tehran resumes covert nuclear work, regional rivals like Saudi Arabia, Turkey, and Egypt may accelerate nuclear “hedging” via civilian programs and dual-use technologies. The strikes risk triggering a latent arms race.
    • Attacking safeguarded facilities raises global legal and strategic concerns. Iran could reduce IAEA cooperation or even withdraw from the NPT. Regional states now question the value of treaty compliance if it doesn’t shield them from military action.
    • The crisis pulls Beijing and Moscow closer to Tehran. Both shielded Iran at the IAEA and could deepen covert cooperation in military tech and trade. China’s Belt and Road Initiative (BRI) ambitions in the region are now tethered to Iran’s resilience and regional stability.
    A detailed map illustrating China’s Belt and Road Initiative, showcasing the global infrastructure network involving railroads, ports, and pipelines.
    • The strikes boost US-Israel deterrence credibility in the short term, but also embolden Iran’s asymmetric response (i.e., proxy militias, cyber threats, and maritime disruptions). Gulf states remain diplomatically cautious but are reinforcing ties with U.S. defense structures.

    Watchlist: Things to Monitor

    Indicator                                                              | What It Signals
    -----------------------------------------------------------------------|------------------------------------------------------------
    Iran reduces IAEA access (i.e., expels inspectors or disables cameras) | A move toward clandestine nuclear activity or NPT withdrawal
    Saudi or Turkish announcements on enrichment or reactor projects       | Strategic hedging or quiet proliferation intent
    Chinese tech transfers or sanctions-evasion trade with Iran            | Strengthened Iran-China alignment despite Western pressure
    Strait of Hormuz naval activity or proxy mobilization                  | Iranian asymmetric retaliation and escalation risk
    Gulf states request new US air/missile defense assets                  | Deepening military alignment amid regional insecurity

    Analyst Comment

    From an intelligence perspective, the June 2025 Iran strikes represent a watershed that will reverberate through Middle East geopolitics in the short and mid term. The operation achieved a tactical objective in damaging Iran’s nuclear infrastructure, but it also unleashed a cascade of second-order effects. Chief among them is a likely redoubling of Iran’s determination to obtain a credible deterrent, nuclear or otherwise, to guard against regime-threatening strikes in the future. In turn, this is catalyzing reactions among Iran’s rivals to hedge their bets, potentially ushering the region into a new phase of latent proliferation.

    The role of great powers has been pretty illuminating. China’s response, in particular, shows the primacy of interests over ideology in its foreign policy. Beijing’s vocal condemnation of US aggression was expected, but more telling is what China does next. So far, China appears committed to quietly propping up Iran’s economy and defense industrial base to ensure Tehran remains a thorn in Washington’s side and a viable participant in China’s Eurasian economic plans while carefully avoiding overt confrontation with the US or alienation of the Gulf states. This dual-track approach will test China’s diplomatic agility and will be a turning point in its Middle East footprint. Either China will emerge as a more assertive power brokering outcomes in regional conflicts, or it will retreat to the sidelines if costs outweigh gains. Early indicators (evacuation of Chinese nationals and calls for talks) seem to suggest a preference for limiting exposure, but Beijing is certainly learning from this crisis and will adjust its long-term strategy (for example, accelerating efforts to settle oil trades in yuan to reduce vulnerability to US sanctions pressure, as hinted by its increased use of RMB in dealings with Iran).

    For the United States and its allies, the near-term requirement is to manage escalation and prevent Iran’s retaliation from sparking a broader war. This will mean hardening bases, improving regional early warning systems and processes, and coordinating closely with partners on contingency responses. Diplomatically, it will be imperative to capitalize on the leverage gained over Iran. If Iran is more isolated or its program set back, now is the time to negotiate firmer limits or at least interim arrangements to remove the most dangerous materials from its soil. The US Special Envoy has already signaled openness to talks focusing on Iran’s enrichment levels and stockpile, which would be a face-saving way for Iran to step back from the nuclear brink in exchange for sanctions relief once it regroups. Whether Iran’s leadership, feeling humiliated, is willing to engage is uncertain, but the ceasefire offers a narrow window for diplomacy before hardliners on all sides gain the upper hand.

    A final note on non-proliferation: the integrity of the global regime is arguably at its most vulnerable point since the North Korean withdrawals of the early 2000s. If the Middle East heads into a proliferation cascade, the credibility of the NPT will suffer worldwide. To counter this, innovative solutions should be pursued. These would include a US-led initiative for a Middle East security guarantee (a nuclear umbrella covering Israel and key Arab states to negate their need for independent arsenals), or a rejuvenated push for regional disarmament talks that include Israel’s capabilities, a topic long taboo but maybe less so in the face of multiple potential nuclear actors emerging.

    In intelligence terms, we will be watching for the morning-after indicators: Does Iran move materiel to secret sites? Do Saudi Arabia or Turkey suddenly announce new “research” reactors or mining projects? Do China and Russia sign new defense deals with Iran? Each of these will tell us how far the dominoes could fall. As of now, the short-term implications are clear: heightened tensions, hedging, and alignment shifts. The mid-term implications, whether this results in a fundamentally more nuclearized and polarized Middle East, or a sobered return to the negotiating table, will depend on the deftness of diplomacy in the weeks ahead and the willingness of regional actors to step back from the precipice.

    Stay tuned for more in-depth analysis on Chinese strategic influence in the Middle East, regional nuclear hedging, diplomatic alignments, and regional deterrence dynamics in a writeup to come.

    Additional Reading

    https://www.reuters.com/world/china/china-says-us-attack-iran-has-damaged-its-credibility-2025-06-22/

    https://www.reuters.com/business/energy/chinas-heavy-reliance-iranian-oil-imports-2025-06-24/

    https://www.al-monitor.com/originals/2025/05/iran-boosts-highly-enriched-uranium-production-iaea

    https://thediplomat.com/2025/06/war-in-iran-chinas-short-and-long-term-strategic-calculations

    https://foreignpolicy.com/2025/06/23/iran-china-gulf-states-strait-hormuz

    https://mei.edu/publications/special-briefing-israel-strikes-irans-nuclear-program

    https://specialeurasia.com/2025/06/24/china-bri-israel-iran-conflict

    https://bloomberg.com/graphics/2025-us-strikes-damage-iran-nuclear-sites-satellite-image/

  • Israel’s Strike on Iran and the Future of Regional Stability

    In the early hours of 13 June 2025, Israel launched its most significant direct assault on Iran in modern history. Codenamed Operation Rising Lion, the campaign marked a sharp turn in the long-running covert conflict between the two states. Israeli fighter jets struck over 100 targets across Iranian territory, including the nuclear enrichment facility at Natanz, missile depots in Kermanshah, and command nodes in Tehran. Multiple senior Iranian commanders and nuclear scientists were reportedly killed. The operation is a dramatic escalation in regional tensions, with serious implications for Middle East stability and global nuclear nonproliferation efforts.

    Striking the Core

    Israel’s operation was expansive and precise. It targeted critical military infrastructure and nuclear development facilities, including hardened underground sites. Among the reported dead are high-ranking IRGC figures and prominent nuclear experts like Hossein Salami, Ali Shamkhani, and Mohammad Bagheri, reflecting a dual strategy of infrastructure disruption and leadership decapitation.

    Key Iranian military and political figures following the Israeli strikes during Operation Rising Lion.

    The strikes hit deep into Iran, including Tehran itself, a rare and provocative step. Civilian areas adjacent to some targets were also impacted, compounding the psychological effect and raising the stakes for potential retaliation.

    Map detailing the locations of Israeli airstrikes in Iran on June 13, 2025, highlighting key targets including Tehran and Kermanshah.

    Iran’s Response

    Iran responded by launching over 100 drones toward Israel, most of which were intercepted. While less escalatory than a ballistic missile barrage, the drone response shows Iran’s intent to retaliate while avoiding immediate full-scale war. Tehran has declared the attack a “declaration of war” and vowed further action.

    Iranian leaders are faced with a strategic dilemma. They must respond forcefully enough to maintain domestic and regional credibility but avoid a retaliation so severe that it draws Israel (and potentially the US) into a broader war. Whether Iran resorts to cyberattacks, asymmetric proxy warfare, or more direct missile retaliation remains to be seen.

    Crowds gather in front of damaged residential buildings following the Israeli airstrikes in Tehran.

    Regional Reverberations

    This confrontation is already straining alliances and heightening regional volatility. Countries like Jordan and Iraq, whose airspace has been overflown by drones and missiles, find themselves increasingly entangled. Gulf states that recently normalized relations with Israel now face diplomatic whiplash, caught between their security partnerships and regional solidarity.

    Oil prices have surged. International flight paths have shifted. And diplomatic channels, particularly around Iran’s nuclear program, have gone dark.

    Most notably, this exchange shifts the regional deterrence calculus. Israel has shown it will not wait for diplomacy or rely on allies to neutralize existential threats. Iran, meanwhile, may reevaluate the value of nuclear ambiguity and instead pursue a more overt deterrent capability.

    A Blow to Nonproliferation

    The Israeli strikes have likely derailed any remaining diplomatic momentum around the Iran nuclear deal. Ongoing negotiations now appear suspended, and Iranian hardliners are almost certain to push for more aggressive nuclear development in response.

    This crisis could have a ripple effect beyond Iran. Regional powers like Saudi Arabia and Turkey, long watching Iran’s trajectory with caution, may feel renewed pressure to pursue nuclear hedging strategies. If Tehran exits the NPT or halts IAEA inspections, it could trigger a broader crisis of confidence in the global nonproliferation regime.

    The strategic irony here is that an operation intended to delay or halt Iran’s nuclear progress may instead accelerate regional proliferation.

    Aerial view of the Natanz Enrichment Complex in Iran, showing significant damage from Israeli airstrikes during Operation Rising Lion on June 13, 2025.

    Strategic Outlook

    Israel’s strikes have brought an enduring conflict into the open. Whether this confrontation stabilizes the region through deterrence or unleashes a cycle of retaliation depends on what comes next. For now, the situation remains volatile. What’s certain is that this event has reshaped the security landscape of the Middle East. The strike on Natanz seeks to redraw red lines, test thresholds, and redefine the future of deterrence in a region already teetering on the edge.

    Let me know your thoughts.

    Sources

    https://www.aljazeera.com/news/2025/6/13/israel-attacksiran-what-we-know-so-far

    https://www.theguardian.com/world/2025/jun/13/iran-vows-revenge-for-israeli-strikes-saying-it-will-write-end-of-this-story

    https://www.npr.org/2025/06/13/nx-s1-5432437/israel-attacks-iran-retaliation-nuclear

    https://www.aljazeera.com/news/2023/2/2/iran-blames-israel-for-isfahan-drone-attack

    https://carnegieendowment.org/middle-east/diwan/2024/10/what-are-irans-options-after-the-israeli-attack

    https://www.bloomberg.com/news/articles/2025-06-13/israel-iran-conflict-triggers-fear-of-death-spiral-analysts

    https://www.reuters.com/world/middle-east/blast-heard-military-plant-irans-central-city-isfahan-state-media-2023-01-28

    https://x.com/IDF

  • Russia’s Digital Playbook: Targeting Poland’s Election with Anti-Ukrainian Disinformation

    As Poland approached a critical presidential runoff on June 1, Russian-linked influence networks ramped up efforts to flood Polish social media with anti-Ukrainian messaging. The Institute for Strategic Dialogue (ISD) recently published a detailed report showing how these campaigns are designed to erode public support for Ukraine and stir domestic resentment, right when political tensions are at their peak.

    Two main disinfo operations are behind this push. One is Operation Overload, which has a track record of impersonating media outlets and recycling content. The other is a newer ecosystem tied to the Pravda and Portal Kombat networks, which lean heavily on AI-generated articles and fake screenshots to manufacture outrage.

    Some of the false claims spreading online included:

    • A fake story alleging that Ukrainian refugees were planning terror attacks in Poland
    • A re-edited satire video presented as real, suggesting Ukrainians were exploiting Poland’s welfare programs
    • AI-written content designed to look like legitimate Polish journalism
    • False narratives amplified so widely that even language models like ChatGPT ended up echoing them when prompted

    Analyst Comments

    This is classic information warfare, just modernized.

    Russia doesn’t need to hack a system if it can hack the conversation. These campaigns are trying to fracture Poland’s support for Ukraine by painting refugees as a threat socially, economically, and even physically. It is low-cost, high-volume influence work, meant to stoke outrage, not debate.

    What makes this different from past operations is how AI tools and platform vulnerabilities are baked into the tactics. Generative models are now being used to churn out disinfo content that mimics real reporting. Influencer accounts are being used to frame false stories as trending news. Even satire is weaponized, knowing that once something goes viral, the original context is often lost.

    As we head into another global election cycle, Poland is not the only target. Similar tactics are already being seen elsewhere, especially in countries where refugee issues, defense policy, or migration tensions are front and center. This is a good reminder for policymakers, tech platforms, and threat analysts: the battlefield may be digital, but the consequences are real.

    Reference

    https://www.isdglobal.org/digital_dispatches/russia-aligned-campaigns-amplify-negative-sentiment-towards-ukrainians-in-poland-ahead-of-a-decisive-presidential-vote/