| The Record from Recorded Future News
therecord.media
Martin Matishak
February 4th, 2026
The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country’s nuclear program, some of the most sophisticated action Cyber Command has taken to date against Iran.
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes
The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, another sign of America’s growing comfort with employing cyber weapons in warfare.
The strike on a separate military system connected to the nuclear sites at Fordo, Natanz and Isfahan helped to prevent Iran from launching surface-to-air missiles at American warplanes that had entered Iranian airspace, the officials said.
“Military systems often rely on a complex series of components, all working correctly. A vulnerability or weakness at any point can be used to disrupt the entire system,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss sensitive information.
In hitting a so-called “aim point” — a mapped node on a computer network, such as a router, a server or some other peripheral device — U.S. operators, enabled by intelligence from the National Security Agency, bypassed what would have been a more difficult task of breaking into a military system located at one, or all, of the fortified nuclear facilities.
“Going ‘upstream’ can be extraordinarily hard, especially against one of our big four adversaries,” another official said, referring to the quartet of Iran, China, Russia and North Korea.
“You need to find the Achilles heel.”
None of the officials would specify what kind of device was attacked. At the request of sources, Recorded Future News withheld certain details about the cyberattack due to national security concerns.
“U.S. Cyber Command was proud to support Operation Midnight Hammer and is fully equipped to execute the orders of the Commander-in-Chief and the Secretary of War at any time and in any place," a command spokesperson said in a statement, without elaborating.
The digital element of June’s Operation Midnight Hammer, which has not been previously reported, is some of the most sophisticated action Cyber Command has taken against Iran in its nearly 16-year history.
Since being granted authorities to augment its offensive capabilities during the first Trump administration, the command skirmished with the Islamic Revolutionary Guard Corps and Iranian hacker groups in the run-up to the 2020 presidential election and moved against government-aligned malicious actors before they could disrupt the 2022 midterms.
Gen. Dan Caine, the chairman of the Joint Chiefs of Staff, publicly lauded Cyber Command’s contribution during a Pentagon press conference after Midnight Hammer concluded, noting it had supported the “strike package” that saw all three nuclear sites hit in a span of less than a half-hour.
The command received similar kudos last month after it conducted cyber operations that officials say knocked out power to Venezuela's capital and disrupted air defense radar, as well as handheld radios, as part of the mission to capture President Nicolás Maduro.
Cyber Command and others “began layering different effects” on Venezuela as commandos approached in helicopters in order to “create a pathway” for them, Caine said during a press conference at Mar-a-Lago.
Little has been shared about the command’s role in the ouster of Maduro, however. And while lawmakers received classified briefings on both digital operations last month, they are seeking more information about the digital attacks on Iran and Venezuela, hoping some details will eventually be shared with the public.
Venezuela has “been in the news and a lot of discussion about the fact that this was a good example of what happens when you combine all of the joint forces, including cyber operations,” Sen. Mike Rounds (R-SD), the chair of the Senate Armed Services cyber subcommittee, said during a hearing with defense officials last week.
“I understand that this [setting] is unclassified but there's a lot of folks out there that might now have a curiosity about this, and they may very well want to be a part of a team in the future that you're going to have to try to recruit,” he added.
The officials, for their part, declined to offer any fresh details and instead touted the use of cyber capabilities.
“I would tell you not just [Operation] Absolute Resolve [in Venezuela] but Midnight Hammer, in a number of other operations, we've really graduated to the point where we’re treating a cyber capability just like we would a kinetic capability, not sprinkling cyber on,” Army Lt. Gen. William Hartman, the acting chief of the command and the NSA, told the subcommittee.
Air Force Brig. Gen. Ryan Messer, deputy director for global operations on the Joint Staff, noted that Caine has put an “emphasis on not just traditional kinetic effects, but the role non-kinetic effects play in all of our global operations, especially cyber.”
He said that over the last six months, the Joint Staff has developed a “non-kinetic effects cell” that is “designed to integrate, coordinate and synchronize all of our non-kinetics into the planning and then, of course, the execution of any operation globally.”
In military jargon, “non-kinetic effects” are produced through capabilities like cyber tools, while “kinetic” generally refers to striking targets with missiles or by other physical means.
“The reality is that we’ve now pulled cyber operators to the forefront,” Messer said.
Iran and Venezuela suggest the “ideal use cases for cyber operations as enablers of conventional military operations,” according to Erica Lonergan, an adjunct fellow at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.
“Altogether, both of these operations reflect the routinization of the use of cyber capabilities during military operations, and we should expect to see more of these in the future. In my view, this is a good thing, because it suggests we are moving beyond seeing cyber as a unique, exquisite (and dangerous) capability,” said Lonergan, a former director of the congressionally-mandated Cyberspace Solarium.
“I would not generalize from these cases to make inferences about how this might play out in the context of a contingency involving an adversary like China.”
techcrunch.com
Zack Whittaker
7:25 AM PST · February 5, 2026
The ransomware attack at Conduent allowed hackers to steal a "significant number of individuals’ personal information" from the govtech giant's systems. Conduent handles personal and health data of more than 100 million people across America.
A data breach at government technology giant Conduent appears to affect far more people than first disclosed, with the number of victims potentially stretching to dozens of millions of people across the United States.
The January 2025 ransomware attack, which knocked out Conduent’s operations for several days, is now known to affect at least 15.4 million people in Texas alone, accounting for about half of the state’s population. Conduent said in October that 4 million people across the state were affected.
Another 10.5 million people are affected across Oregon, per the state’s attorney general.
Conduent has also notified hundreds of thousands of people across Delaware, Massachusetts, New Hampshire, and other states, according to data breach notifications seen by TechCrunch.
The stolen data includes individuals’ names, Social Security numbers, medical data, and health insurance information.
One of the largest government contractors today, Conduent handles and processes large amounts of personal and sensitive information on behalf of large corporations, government departments, and several U.S. states. The company says its technology and operational support services reach more than 100 million people in the United States across various government healthcare programs.
When contacted with several questions about the data breach, Conduent spokesperson Sean Collins provided a boilerplate statement that did not address the questions, nor did they answer if Conduent knows how many individuals are affected by the cyberattack. The spokesperson would not say if the breach affects more than 100 million people.
Collins said that the company has been working to “conduct a detailed analysis of the affected files to identify the personal information” taken in the breach but would not say how many data breach notifications the company has sent out to date.
Little else is known about the breach, and the company has disclosed few details. Conduent disclosed the cyberattack in April, months after hackers knocked out the company’s systems, which resulted in outages to government services across the United States.
The Safeway ransomware gang took credit for the breach, claiming to have stolen over 8 terabytes of data.
In a later SEC filing, the company said that the stolen datasets “contained a significant number of individuals’ personal information associated with our clients’ end-users,” referring to its corporate and government customers.
Conduent also said it is continuing to notify individuals whose data was stolen in the breach, and plans to conclude alerting individuals by early 2026. The company did not give a more specific timeline.
bbc.com
Liv McMahon
Technology reporter
Elon Musk's X and Grok platforms are facing increased scrutiny from authorities on both sides of the channel.
The French offices of Elon Musk's X have been raided by the Paris prosecutor's cyber-crime unit, as part of an investigation into suspected offences including unlawful data extraction and complicity in the possession of child sexual abuse material (CSAM).
The prosecutor's office also said both Musk and former X chief executive Linda Yaccarino had been summoned to appear at hearings in April.
In a separate development, the UK's Information Commissioner's Office (ICO) announced a probe into Musk's AI tool, Grok, over its "potential to produce harmful sexualised image and video content."
Writing on X, Musk said the raid was a "political attack".
The company said in a statement that it was "disappointed" but "not surprised," and accused the Paris Public Prosecutor's office of an "abusive act."
X also denied any wrongdoing and said the raid "endangers free speech."
The investigation began in January 2025 when French prosecutors started looking into content recommended by X's algorithm, before being widened in July that year to include Musk's controversial AI chatbot, Grok.
Yaccarino also took to X to accuse French prosecutors of carrying out "a political vendetta against Americans."
"To be clear: they are lying," added Yaccarino, who left the firm last year.
Following Tuesday's raid, French prosecutors say they are now investigating whether X has broken the law across multiple areas.
Among potential crimes it said it would investigate were complicity in possession or organised distribution of CSAM, infringement of people's image rights with sexual deepfakes and fraudulent data extraction by an organised group.
New UK investigation
Meanwhile, UK authorities have given an update on their investigations into sexual deepfakes created by Grok and shared on X.
The images - often made using real images of women without their consent - prompted a barrage of criticism in January from victims, online safety campaigners and politicians.
The company eventually intervened to prevent the practice, after Ofcom and others launched investigations.
In an update on Tuesday, Ofcom said it was continuing to investigate the platform and was treating it as "a matter of urgency".
But it added it was currently unable to investigate the creation of illegal images by Grok in this case because it did not have sufficient powers relating to chatbots.
However, shortly afterwards the ICO said it was launching its own probe, in conjunction with Ofcom, into the processing of personal data in relation to the Grok.
"The reports about Grok raise deeply troubling questions about how people's personal data has been used to generate intimate or sexualised images without their knowledge or consent, and whether the necessary safeguards were put in place to prevent this," said William Malcolm, the ICO's executive director for regulatory risk & innovation.
In late January, the European Commission announced an investigation into its parent company xAI over concerns about the images.
A Commission spokesperson said it was in touch with France over its search of X's office in Paris.
'Not a free country'
Pavel Durov - founder of the messaging app Telegram - criticised the French authorities on Tuesday, accusing France of being "the only country in the world that is criminally persecuting all social networks that give people some degree of freedom".
"Don't be mistaken: this is not a free country," he added in a post on X.
Durov was arrested and detained in France in August 2024 over alleged moderation lapses on his messaging app, which the Paris prosecutor's office said had failed to curb criminal activity.
He was permitted to leave the country last March after the platform made some changes to the way it operates following the arrest.
These included sharing some user data with authorities in response to legal requests.
