Iranian APTs Link Cyber Reconnaissance to Real-World Missile Strikes
- Actor Motivations: Espionage, Exfiltration, Sabotage
- Attack Vectors: Compromised Credentials, Security Misconfiguration
- Attack Complexity: Medium
- Threat Risk: High Impact/High Probability
Threat Overview
Amazon’s threat intelligence team has identified a growing trend in which nation-state actors integrate cyber operations directly into kinetic warfare. The research highlights Imperial Kitten and MuddyWater, two Iranian-linked groups that used cyber intrusions to support physical attacks. Imperial Kitten compromised AIS maritime systems and CCTV feeds to track vessels later targeted by Houthi missile strikes. MuddyWater accessed live CCTV streams in Jerusalem, providing real-time intelligence ahead of Iran’s June 2025 missile attacks. These cases show a shift toward cyber-enabled kinetic targeting, where digital reconnaissance directly informs physical military objectives, reshaping modern conflict across the Middle East’s maritime and urban environments.
Detected Targets
| Type | Description | Confidence |
|---|---|---|
| Sector | Logistics | Verified |
| Sector | Military | Verified |
| Region | Israel | Verified |
FAQs
Understanding Cyber-Enabled Kinetic Targeting
Amazon researchers uncovered operations by Iranian-linked threat actors who used cyber attacks to support real-world military strikes, marking a new hybrid form of warfare.
Two Iranian-linked groups: Imperial Kitten (associated with the IRGC) and MuddyWater (linked to MOIS), both known for espionage and cyber operations.
To collect real-time visual and geolocation intelligence that could help guide or adjust missile strikes and physical attacks.
By hacking into surveillance systems, vessel tracking platforms, and other infrastructure to monitor movements and transmit live data to aid physical targeting.
A maritime vessel tracked by Imperial Kitten and city surveillance cameras in Jerusalem exploited by MuddyWater were both used to guide missile strikes.
They show that cyber intrusions are no longer just digital — they can directly enable physical harm, making them more dangerous and complex to defend against.
These operations were highly targeted, but the underlying strategy is likely to expand across other regions and threat actors, making it a growing concern.
Secure physical infrastructure like CCTV and tracking systems, limit remote access, segment networks, and monitor for suspicious outbound traffic and behavior.