Amazon’s threat intelligence team said it observed actors with ties to Iran conducting digital reconnaissance that supported real-world attacks, a practice the company described as cyber-enabled kinetic targeting. The findings were published in a report and said the activity blurs traditional separations between digital and physical domains.
The company reported that a group assessed to be affiliated with Iran’s Islamic Revolutionary Guard Corps carried out reconnaissance targeting a ship’s Automatic Identification System and later obtained access to onboard CCTV, providing real-time visual intelligence. On January 27, 2024 the actor performed targeted searches for AIS location data for a specific vessel, and days later that same vessel was the subject of an unsuccessful missile strike by Houthi militants, the report said; other reporting has attributed a string of Red Sea attacks to Houthi forces.
Amazon also described activity by a separate actor linked to Iran’s Ministry of Intelligence and Security that established infrastructure in May 2025 and later used compromised servers to access live CCTV streams in Jerusalem for real-time targeting information. On February 1, 2024 the Houthi movement claimed it struck a U.S. merchant ship named KOI, an episode the report cited as an example of how digital reconnaissance can precede kinetic strikes.
The report said operators used anonymizing VPN services to route traffic and complicate attribution, and described these espionage-focused cyber operations as potential force multipliers when combined with physical attacks. Amazon’s CISO for Integrated Security, CJ Moses, characterized the campaigns as coordinated digital operations designed to support physical military objectives.
Researchers and security teams were urged to consider the convergence of cyber and kinetic threats when assessing risk to critical infrastructure, particularly maritime platforms and urban surveillance systems. The report recommends adapting defensive frameworks to account for intelligence collection that can directly enable physical targeting.