
The current confrontation in cyberspace has solidified as a state of permanent war. Unlike terrestrial conflicts, there are no ceasefires here; analysts warn that the civil infrastructure of the U.S. and Israel is now the main playing field of a battle that seeks psychological destabilization and industrial sabotage.
Under the umbrella of Iranian Intelligence and the Revolutionary Guard (IRGC), various specialized units operate that execute the strategy of "constant pressure." Each group has a defined role in this ecosystem:
🔵 The group known as MuddyWater acts as the spearhead for espionage and initial access. Its specialty is infiltration of government networks through highly sophisticated social engineering campaigns. Recently, it has been detected using creative tactics, such as malicious gaming applications, to compromise officials' devices and gain access to critical infrastructure.
🔵 On the other hand, APT33 (also known as Elfin) represents the shock force in the industrial sector. This group focuses on aerospace and energy targets. Its history includes the deployment of wiper-type malware, specifically designed to irreversibly delete data in oil and electricity networks, seeking to paralyze the adversary's economy from its operational base.
🔵 On a more destructive level, we find CyberToufan. This group has stood out for massive attacks against the Israeli private sector, achieving in the last year the destruction of databases of dozens of organizations. Unlike other groups, their goal is not silence, but the publicity of the damage to undermine confidence in the state's cyber defense.
🔵 Finally, Charming Kitten (or APT42) is responsible for targeted surveillance. It has been behind intrusion attempts against political campaigns in the U.S. and access to video surveillance systems. Its work is essential for hybrid warfare, as it provides the intelligence needed to make physical or digital attacks far more precise.
A fundamental actor today is the Handala group. Although it presents itself as a group of independent pro-Palestinian hacktivists, its technical capabilities reveal full state backing. The group takes its name from the iconic character of the Palestinian refugee child, using this emotional weight to legitimize its actions.
Handala has specialized in the mass exfiltration of sensitive data from defense and nuclear energy sectors. Their strategy combines high-level hacking with an aggressive social media campaign, publishing evidence of their intrusions to generate panic among the civilian population and demonstrate that no institution, no matter how protected, is invulnerable.
The conflict has crossed red lines that were previously considered taboo. The attacks no longer seek only to steal secrets but to alter physical reality. Attempts have been recorded to manipulate the programmable logic controllers (PLCs) of water plants in order to alter chemical levels, along with attacks on navigation systems and blockages at fuel supply terminals.
Moreover, the use of ransomware has transformed: it is no longer aimed at collecting a monetary ransom, but instead is used as a "smokescreen" to permanently destroy critical information, ensuring that the recovery of the attacked companies is slow and costly.
