As Operation Epic Fury unfolds, the battlefield has extended well beyond kinetic strikes. Iran’s near-total Internet blackout is only the most visible layer of a much broader hybrid conflict. Beneath the disruption, a coordinated activation of Iranian-state sponsored cyber operators is underway.
This is not a single destructive event; it is a structured escalation model, blending espionage, access development, disruption, and influence operations.
In this 45-minute threat intelligence briefing, Ziv Mador, VP Security Research, breaks down what LevelBlue SpiderLabs has observed, how we have elevated monitoring for clients in recent days, and what detection and response priorities security leaders should implement now. In this session, you’ll learn:
- How Iranian threat actors MuddyWater, Charming Kitten, OilRig, APT33, and affiliated operators are evolving their tradecraft
- The core TTPs driving escalation: credential theft, cloud abuse, supply chain compromise, custom malware, wiper staging, and OT targeting
- Early retaliation signals, from reconnaissance and DDoS to destructive pre-positioning
- How to align SOC detection with the intrusion-to-disruption lifecycle
- Which critical infrastructure sectors are most at risk and why.
