Secretary of Defense Pete Hegseth and Gen. Dan Caine, chairman of the Joint Chiefs of Staff, conduct a press briefing on June 22, 2025 on an operation against Iran's nuclear facilities. Credit: Benjamin Applebaum / Department of Defense

Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes

The U.S. military last year digitally disrupted Iranian air missile defense systems as part of a coordinated operation to destroy the country’s nuclear program, according to several U.S. officials, another sign of America’s growing comfort with employing cyber weapons in warfare.

The strike on a separate military system connected to the nuclear sites at Fordo, Natanz and Isfahan helped to prevent Iran from launching surface-to-air missiles at American warplanes that had entered Iranian airspace, the officials said.

“Military systems often rely on a complex series of components, all working correctly. A vulnerability or weakness at any point can be used to disrupt the entire system,” according to one individual familiar with the matter who, like others, spoke on the condition of anonymity to discuss sensitive information.

In hitting a so-called “aim point” — a mapped node on a computer network, such as a router, a server or some other peripheral device — U.S. operators, enabled by intelligence from the National Security Agency, bypassed what would have been a more difficult task of breaking into a military system located at one, or all, of the fortified nuclear facilities.

“Going ‘upstream’ can be extraordinarily hard, especially against one of our big four adversaries,” another official said, referring to the quartet of Iran, China, Russia and North Korea. 

“You need to find the Achilles heel.”

None of the officials would specify what kind of device was attacked. At the request of sources, Recorded Future News withheld certain details about the cyberattack due to national security concerns.

Cyber Command did not respond to a request for comment. The NSA deferred comment to the Defense Department, which did not respond by time of publication.

The digital element of June’s Operation Midnight Hammer, which has not been previously reported, is some of the most sophisticated action Cyber Command has taken against Iran in its nearly 16-year history.

Since being granted authorities to augment its offensive capabilities during the first Trump administration, the command skirmished with the Islamic Revolutionary Guard Corps and Iranian hacker groups in the run-up to the 2020 presidential election and moved against government-aligned malicious actors before they could disrupt the 2022 midterms.

Gen. Dan Caine, the chairman of the Joint Chiefs of Staff, publicly lauded Cyber Command’s contribution during a Pentagon press conference after Midnight Hammer concluded, noting it had supported the “strike package” that saw all three nuclear sites hit in a span of less than a half-hour.

The command received similar kudos last month after it conducted cyber operations that officials say knocked out power to Venezuela's capital and disrupted air defense radar, as well as handheld radios, as part of the mission to capture President Nicolás Maduro.

Cyber Command and others “began layering different effects” on Venezuela as commandos approached in helicopters in order to “create a pathway” for them, Caine said during a press conference at Mar-a-Lago.

Little has been shared about the command’s role in the ouster of Maduro, however. And while lawmakers received classified briefings on both digital operations last month, they are seeking more information about the digital attacks on Iran and Venezuela, hoping some details will eventually be shared with the public.

Venezuela has “been in the news and a lot of discussion about the fact that this was a good example of what happens when you combine all of the joint forces, including cyber operations,” Sen. Mike Rounds (R-SD), the chair of the Senate Armed Services cyber subcommittee, said during a hearing with defense officials last week.

“I understand that this [setting] is unclassified but there's a lot of folks out there that might now have a curiosity about this, and they may very well want to be a part of a team in the future that you're going to have to try to recruit,” he added.

The officials, for their part, declined to offer any fresh details and instead touted the use of cyber capabilities.

“I would tell you not just [Operation] Absolute Resolve [in Venezuela] but Midnight Hammer, in a number of other operations, we've really graduated to the point where we’re treating a cyber capability just like we would a kinetic capability, not sprinkling cyber on,” Army Lt. Gen. William Hartman, the acting chief of the command and the NSA, told the subcommittee.

Air Force Brig. Gen. Ryan Messer, deputy director for global operations on the Joint Staff, noted that Caine has put an “emphasis on not just traditional kinetic effects, but the role non-kinetic effects play in all of our global operations, especially cyber.”

He said that over the last six months, the Joint Staff has developed a “non-kinetic effects cell” that is “designed to integrate, coordinate and synchronize all of our non-kinetics into the planning and then, of course, the execution of any operation globally.” 

In military jargon, “non-kinetic effects” are produced through capabilities like cyber tools, while “kinetic” generally refers to striking targets with missiles or by other physical means.

“The reality is that we’ve now pulled cyber operators to the forefront,” Messer said.

Iran and Venezuela suggest the “ideal use cases for cyber operations as enablers of conventional military operations,” according to Erica Lonergan, an adjunct fellow at the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation.

“Altogether, both of these operations reflect the routinization of the use of cyber capabilities during military operations, and we should expect to see more of these in the future. In my view, this is a good thing, because it suggests we are moving beyond seeing cyber as a unique, exquisite (and dangerous) capability,” said Lonergan, a former director of the congressionally-mandated Cyberspace Solarium.

“I would not generalize from these cases to make inferences about how this might play out in the context of a contingency involving an adversary like China.”

Martin Matishak is the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more than five years at Politico, where he covered digital and national security developments across Capitol Hill, the Pentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group and Inside Washington Publishers.