Cyber war is no longer theoretical
6–18–2025 (Wednesday)
Hello, and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Wednesday, June 18, 2025, and we’ve got some additional situational awareness items that we’re tracking, as tensions rise in the Middle East between Iran and Israel.
Modern Warfare: Kinetic vs. Cyber
Again, it’s Wednesday afternoon as we record this, and there are active bombing campaigns continuing between Iran and Israel, with the US publicly playing a will they / won’t they game in terms of entering the fray.
I’ll leave both the diplomacy and the military maneuvering to the experts in those various disciplines, but there are lots of activities taking place on the digital battlefield that we aren’t necessarily seeing.
Today, that same group was flagged by Zach Whittacker at TechCrunch having wiped out at least $90M from Iran’s largest crypto exchange, Nobitex.
Now, monitoring groups are reporting a nearly nation-wide blackout for Internet connectivity within Iran.
At the same time, Israel isn’t the only one with cyber capabilities at the state level. In fact, on Monday, Jonathan Grieg from The Record noted that the US Department of State is now offering a $10M reward for information on the Iranian group known as “CyberAv3ngers” who are associated with targeting critical infrastructure here in the US.
This reward was specifically posted during the widening conflict in the region, and includes notes from the Chief Analyst at Google’s Threat Intelligence Group warning “that Iranian cyber threat actors would likely “rededicate themselves” to attacks on Israel in light of the recent conflict.
“Iranian cyber activity in Israel is already persistent and aggressive, and has been for several years. Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions,” he said.”
The challenge for us on all of this conflict is that while we might be physically removed from this conflict, the Internet, by definition, is a network and is connected.
These types of escalating activities are likely to spill over in any number of ways, including the disclosure of new or novel TTPs by these threat actors who are incentivized to use their very best bag of tricks to support the existential threat - whether you’re Iran or Isreal.
Lower grade threat actors across the space will pick these up and repurpose them for their own purposes.
We’re also likely to see digital collateral damage - and because attribution remains such a challenge, we may see auxiliary actors like North Korea, China, Russia, or even Western countries make moves during this chaotic time attributed to either Predatory Sparrow, CyberAv3ngers, or any number of other splinter groups.
The long story short here for our defenders is that it remains time to be on high alert with our defenses shored up and in place. It continues to be a challenging landscape to operate in, and events like this do not make it any easier.
Buckle up, because the next couple of weeks could either see a material escalation of these activities, or some conclusory changes amongst the players in this game. Either way, we need to stand ready to respond and ensure that we remain resilient in the face of the evolving challenges.
Fundraising
From a fundraising perspective this week, back to more reasonable numbers, with just over $7.3B in newly committed capital. We can’t have $40+B weeks every week, but we do see a couple of articles from the FT being discussed.
One outlines the challenge of the exit strategies, as IPOs remain few and far between. Firms are looking more and more at breakups and continuation vehicles, both of which have implications for the cyber posture of an asset.
We also see the FT’s Editorial Board encourage PE to go Back to Basics - “identifying companies with strong potential and actively building operational value.” Surely cyber will be a key part of that, and we’ve got our work cut out for us.
A reminder that you can find links to all the articles we covered below, find back issues of these videos and the written transcripts at intentionalcyber.com, and we’ll see you next week for another edition of the Intentional Brief.
Links
https://x.com/netblocks/status/1935338921006641377
https://therecord.media/us-offers-reward-for-iran-hacker-iocontrol-malware
https://www.ft.com/content/d94d4850-aa8d-445b-98dc-269efa36885e
https://www.ft.com/content/74ad08d8-53cb-4050-af6f-7b95c19a001d