By Matthew Sparrow
On Saturday, June 21st 2025, the United States conducted military operations against targets in Iran. At any point when there is an escalation in geopolitical events, Centripetal analysts prepare for an increase in cyber threat activity as well. Between the months of May and June, there has been a documented uptick of approximately 20 billion reconnaissance associated events at the time of this release, as well as sustained attacks at various organizations.
Of note, Iranian threat actors have historically had significant success conducting social engineering campaigns, utilizing both phishing and vishing, against a broad range of targets. TTPs include targeting governments, critical infrastructure, logistics services, and service providers. This may involve attacking a partner organization prior to the final intended target.
Finally, news of a “massive data breach” involving billions of records is being tracked and analyzed. At this time, it appears this is simply a consolidated list of data from multiple other breaches (or COMB, Combination of Many Breaches). While much of the data does not appear to be new, it offers attackers a central repository for querying target credentials.
Mitigation Strategies
- Conduct security awareness training across all organization members
- Identify high-risk individuals, conduct tailored training, and ensure additional security measures are in place for protection
- Enforce Multi-Factor Authentication wherever possible
- Ensure software is patched to the most current version that still facilitates operations
Centripetal’s Perspective
As part of preparations, customers can expect for medium and low confidence feeds to be migrated into existing policies for monitoring in order to identify activity that may involve re-activation of previously defunct or emerging threat infrastructure. Analysts will coordinate with customers directly on recommendations for shielding over the coming weeks.
Centripetal’s team of analysts is actively monitoring this developing geopolitical situation and its potential cybersecurity implications. Our intelligence team remains vigilant in tracking any emerging threats associated with these events and is prepared to provide timely updates and additional mitigation recommendations as the situation evolves. Customers are encouraged to maintain open communication with us during this period of heightened alert.
Centripetal is also pleased to offer Penetration Testing and Vulnerability Assessment services to help organizations identify vulnerabilities and reduce risk. If interested, please contact our Professional Services team at profservs@centripetal.ai or reach out to your Centripetal Account Representative.
