WEBINAR
Learn how software development company Personio takes a strategic approach to pentesting.

War Beyond Borders: Cyber Operations in Modern Geopolitical Conflicts


Throughout history, warfare has evolved in line with technology, from spears and swords to muskets and tanks, with each era introducing new instruments of destruction and conflict. In the twentieth century, the Cold War sparked a paradigm shift to proxy wars, surveillance, and information control as primary instruments of power. Today, in the twenty-first century, cyber warfare is the emerging next generation of armed conflict.

Unlike traditional warfare, cyber conflict is silent and invisible to most. It allows state and non-state actors to project power, collect intelligence, and disrupt adversaries with minimal physical risk; the ongoing war in Ukraine is the clearest example.

Since Russia’s invasion in 2022, Ukraine has adopted a hybrid warfare doctrine that integrates cyber operations, electronic warfare, and digital influence at the national level. Ukrainian cyber forces have launched coordinated campaigns targeting Russian command infrastructure, supply chain telemetry, and battlefield logistics using both custom malware and repurposed commercial spyware. At the same time, they’ve leveraged public-private alliances with global technology firms to deploy satellite internet (Starlink), crowdsource open-source intelligence, and engage in strategic disinformation counter-operations.

From Ukraine to Iran-Israel, Cyber Warfare Tactics Extend the Battlefield

The lessons from Ukraine are being mirrored elsewhere. Following Israel’s June 12, 2025, airstrike on Iranian nuclear infrastructure, Iranian-linked cyber groups launched a coordinated retaliation. According to threat intelligence reporting from Radware, its VP of Cyber Threat Intelligence, Ron Meyran, observed a 700% increase in malicious traffic originating from Iran and targeting Israeli financial, logistics, and government systems within just two days of the strike.

Iran’s cyber retaliation was intense and technically sophisticated. Layer 7 HTTP floods were observed using randomized payloads specifically designed to bypass static web application firewall rules. Distributed denial-of-service (DDoS) traffic was traced back to compromised MikroTik routers and other unpatched edge network devices, which served as launch platforms for volumetric attacks. Simultaneously, phishing campaigns escalated, with a noticeable increase in credential harvesting through the use of QR code redirection tactics and SMS-based multi-factor authentication bypasses, a trend also noted in Radware’s monitoring. In response, Israeli cyber operators reportedly executed precision strikes on Iranian digital infrastructure. One disruption involved satellite communications, where over 100 VSAT satellite modems on Iranian maritime platforms were taken offline, likely through firmware-level manipulation or direct exploitation of remote management interfaces. Additional operations targeted the Iranian financial sector, where DNS resolution was corrupted and API endpoints for transaction systems were selectively disrupted, leading to regional outages.
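The Layer 7 floods described above defeat static WAF rules precisely because each request carries a fresh, randomized payload, so a signature that matches a fixed string never fires. A defender's answer is to profile client behaviour instead of request content: request rate, how many distinct query strings a client sends, and how random those strings look. The detector below is an added example for this post, not code from the original article or from Radware; the access log lines, hosts and addresses it builds are constructed for the example, and the thresholds are illustrative starting points to tune against real traffic.

```python
"""Detect Layer 7 HTTP floods that randomize their payloads.

A static WAF rule matches fixed strings, so a flood that changes the query
string on every request slips past it. This detector looks at per-client
behaviour instead: request rate, uniqueness of query strings, and the
Shannon entropy of those strings. All log data below is constructed for
the example (hypothetical hosts, paths and RFC 5737 documentation addresses).
"""
import math
import random
import re
import string
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format style line: ip ident user [ts] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    return {"ip": m.group("ip"), "ts": datetime.strptime(m.group("ts"), TS_FMT),
            "path": path, "query": query}


def shannon_entropy(s):
    """Bits of entropy per character; random tokens score high, 'page=1' scores low."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def profile_clients(lines):
    """Summarise each client IP: rate, unique-query ratio and mean query entropy."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)
    profiles = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["ts"])
        span = (recs[-1]["ts"] - recs[0]["ts"]).total_seconds()
        queries = [r["query"] for r in recs]
        profiles[ip] = {
            "requests": len(recs),
            "rate_per_sec": len(recs) / max(span, 1.0),
            "unique_query_ratio": len(set(queries)) / len(queries),
            "mean_query_entropy": sum(shannon_entropy(q) for q in queries) / len(queries),
        }
    return profiles


def flag_floods(profiles, min_rate=5.0, min_unique_ratio=0.9, min_entropy=3.5):
    """Return client IPs that are fast AND send randomized, never-repeating queries."""
    return sorted(ip for ip, p in profiles.items()
                  if p["rate_per_sec"] >= min_rate
                  and p["unique_query_ratio"] >= min_unique_ratio
                  and p["mean_query_entropy"] >= min_entropy)


def build_sample_log(seed=7):
    """Constructed sample: one benign browser and one flood source (hypothetical)."""
    rng = random.Random(seed)
    base = datetime(2025, 6, 14, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    # Benign client: six ordinary page views spread over a minute, repeating queries.
    for i in range(6):
        ts = base + timedelta(seconds=10 * i)
        lines.append(f'198.51.100.7 - - [{ts.strftime(TS_FMT)}] '
                     f'"GET /news?page={i % 3 + 1} HTTP/1.1" 200 5120')
    # Flood source: 60 requests in under five seconds, fresh random token each time.
    alphabet = string.ascii_lowercase + string.digits
    for i in range(60):
        ts = base + timedelta(milliseconds=80 * i)
        token = "".join(rng.choice(alphabet) for _ in range(32))
        lines.append(f'203.0.113.42 - - [{ts.strftime(TS_FMT)}] '
                     f'"GET /login?{token}=1 HTTP/1.1" 200 1290')
    return lines


if __name__ == "__main__":
    profiles = profile_clients(build_sample_log())
    for ip, p in profiles.items():
        print(ip, {k: round(v, 3) for k, v in p.items()})
    print("flagged:", flag_floods(profiles))
```

The three conditions are deliberately combined: a fast client with repeating queries is usually a scraper or a misbehaving integration, and a slow client with high-entropy queries is often a legitimate app passing opaque tokens. Only the combination of rate, non-repetition and randomness matches the flood pattern described above, which keeps the rule useful where a content signature cannot be written.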

Open-source tooling once used only by red teams and pentesters is increasingly being modified and used in these campaigns. Platforms like Mythic, GhostPack, and Sliver are now in use by both state and civilian operators.

Attackers Using AI and Emulating Nation States

The use of artificial intelligence (AI) in warfare represents a fundamental shift in the way conflicts are initiated and conducted in the digital domain. Both state-sponsored entities and independent threat actors are now leveraging advanced large language models (LLMs) to generate polymorphic phishing campaigns that evolve in real time. These adaptive lures are contextually aware, capable of responding to environmental and behavioral cues, and are specifically crafted to compromise individuals with elevated access privileges. 

This is further enhanced through Infrastructure-as-Code (IaC), enabling rapid, automated deployment of key infrastructure components. Within minutes, attackers can establish global proxy networks, configure resilient dynamic DNS failovers, and maintain encrypted reverse tunnels, further obscuring attack infrastructure and significantly hindering defenders' ability to attribute these attacks.

The marriage of these technologies has allowed adversaries to carry out complex, multi-phase intrusion campaigns in a matter of hours. These attacks often follow a familiar playbook: initial access is frequently obtained through compromised credentials or unpatched public-facing systems. Once inside, lateral movement is facilitated through techniques such as Kerberos ticket theft, enabling access to high-value systems. Data exfiltration typically occurs over encrypted TLS channels that are engineered to resemble normal network traffic, evading detection by standard monitoring tools.

How Security Teams Must Protect Civilian Infrastructure and Private Entities

More importantly, these campaigns are not confined to military or intelligence targets; civilian infrastructure has also been deemed a worthy target. Industrial control systems and SCADA environments are often accessed through poorly secured VPN gateways. GPS spoofing is employed to disrupt navigation systems in the maritime and aviation sectors. Additionally, DNS cache poisoning and BGP hijacking are used to degrade internet stability in regions adjacent to active war zones. While these operations fall short of causing direct physical harm or damage, their cumulative effect erodes public trust and hinders critical services.

The speed and sophistication of modern offensive operations necessitate a fundamental recalibration of defensive strategies. Security teams must adopt an agile mindset and operate under the presumption of breach. This means that implementing full packet capture, coupled with forensic replay capabilities, becomes essential for accurate incident reconstruction and attribution. Equally important, security teams must monitor DNS-over-HTTPS traffic for behavioral anomalies. This can help detect covert activity within encrypted channels, such as C2 traffic hiding in plain sight.
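Because DNS-over-HTTPS wraps the query inside TLS, a defender cannot inspect the names being resolved; what remains visible is timing and volume. C2 beacons tend to contact their resolver at a fixed cadence with near-identical request sizes, while a real workstation produces bursty, irregularly sized lookups. The script below is an added example for this post, not code from the original article; it reads constructed connection records (Zeek-style fields: timestamp, source, destination, destination port, bytes sent by the originator), the resolver and client addresses are placeholders, and the list of DoH resolver IPs is something a real deployment would maintain from its own sources.

```python
"""Flag beacon-like DNS-over-HTTPS sessions in connection logs.

The query content is encrypted, so the detector scores only behaviour:
how regular the gaps between connections are and how uniform the request
sizes are, measured as coefficients of variation (std / mean). All records
and addresses below are constructed placeholders for the example.
"""
import random
import statistics
from collections import defaultdict

# Placeholder: in production this is a maintained list of known DoH endpoints.
DOH_RESOLVERS = {"192.0.2.53"}


def parse_conn(line):
    """Parse a tab-separated record: ts, src_ip, dst_ip, dst_port, orig_bytes."""
    ts, src, dst, port, orig_bytes = line.rstrip("\n").split("\t")
    return {"ts": float(ts), "src": src, "dst": dst,
            "port": int(port), "orig_bytes": int(orig_bytes)}


def doh_sessions(lines):
    """Group connections to known DoH resolvers on 443 by (client, resolver)."""
    sessions = defaultdict(list)
    for line in lines:
        rec = parse_conn(line)
        if rec["port"] == 443 and rec["dst"] in DOH_RESOLVERS:
            sessions[(rec["src"], rec["dst"])].append(rec)
    return sessions


def beacon_score(records, min_count=8):
    """Return timing/size regularity for a session, or None if too few records."""
    recs = sorted(records, key=lambda r: r["ts"])
    if len(recs) < min_count:
        return None
    gaps = [b["ts"] - a["ts"] for a, b in zip(recs, recs[1:])]
    sizes = [r["orig_bytes"] for r in recs]
    return {
        "count": len(recs),
        "mean_gap": statistics.mean(gaps),
        "gap_cv": statistics.pstdev(gaps) / statistics.mean(gaps),
        "size_cv": statistics.pstdev(sizes) / statistics.mean(sizes),
    }


def flag_beacons(lines, max_gap_cv=0.15, max_size_cv=0.10):
    """Sessions whose cadence and request size are both suspiciously regular."""
    flagged = []
    for (src, dst), recs in doh_sessions(lines).items():
        score = beacon_score(recs)
        if score and score["gap_cv"] <= max_gap_cv and score["size_cv"] <= max_size_cv:
            flagged.append((src, dst, score))
    return sorted(flagged, key=lambda f: (f[0], f[1]))


def build_sample_conn_log(seed=3):
    """Constructed sample: one beaconing host, one normal host, one unrelated flow."""
    rng = random.Random(seed)
    base = 1_750_000_000.0
    lines = []
    # Beaconing host: every ~60 s with +/-2 s jitter, payload always ~310 bytes.
    t = base
    for _ in range(20):
        t += 60 + rng.uniform(-2, 2)
        lines.append(f"{t:.3f}\t10.0.0.23\t192.0.2.53\t443\t{310 + rng.randint(-4, 4)}")
    # Normal workstation: bursty lookups at irregular intervals, variable sizes.
    t = base
    for _ in range(20):
        t += rng.choice([0.2, 0.5, 3, 45, 600, 1800]) * rng.uniform(0.5, 1.5)
        lines.append(f"{t:.3f}\t10.0.0.51\t192.0.2.53\t443\t{rng.randint(120, 900)}")
    # Ordinary HTTPS to a non-resolver host; ignored by the DoH filter.
    lines.append(f"{base + 5:.3f}\t10.0.0.51\t203.0.113.10\t443\t4200")
    return lines


if __name__ == "__main__":
    for src, dst, score in flag_beacons(build_sample_conn_log()):
        print(f"{src} -> {dst}: {score}")
```

The coefficient of variation is used rather than raw standard deviation so that the same thresholds apply whether the beacon interval is thirty seconds or thirty minutes. Attackers add jitter to defeat exactly this check, which is why the size regularity is scored alongside timing; full packet capture, as the paragraph above recommends, then lets an analyst replay a flagged session and confirm what it carried.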

As global conflicts escalate, the cyberthreat landscape grows increasingly complex and far-reaching. Adversaries are no longer limiting their focus to military and intelligence assets, but are actively targeting financial systems, supply chains, and critical infrastructure, which places both national security and economic stability at risk. The ongoing conflicts in Ukraine and (now) the Middle East confirm that cyber warfare is no longer a supporting capability; it is a core element of modern conflict, wielded by both state and non-state actors. This time, success will belong to those who recognize that resilience is not built on static defenses, but on continuous adaptation, strategic foresight, and the ability to outpace the adversary.

To learn more about Cobalt and our elite pentester community, visit our Cobalt Core page.

About Justin Fatuch
As a Principal Security Consultant, Justin Fatuch brings over six years of hands-on experience in red teaming, penetration testing, and IoT security. He leads advanced assessments of internal and external networks, web and mobile applications, APIs, and connected devices, delivering both comprehensive findings and practical remediation strategies to clients across diverse industries. Justin is known for translating complex technical findings into clear, actionable recommendations that help organizations strengthen their security posture. He has contributed to open-source security projects, including the weaponization and co-authorship of the Metasploit module for Symmetricom SyncServer RCE, and focuses on staying ahead of emerging threats and delivering solutions tailored to client needs.