CloudSEK, a cybersecurity firm that tracks threat actors, says it found evidence that the Iran-linked group commonly known as APT35 had already mapped targets across multiple countries that were later hit during Operation Epic Fury.
In practical terms, CloudSEK is alleging pre-strike reconnaissance: the threat group appears to have collected and organized location intelligence at a country-by-country level ahead of the bombing campaign referenced in the press note. The company is framing this as a reminder that modern conflict doesn’t start with aircraft — it starts with data.
The detail that will matter to readers isn’t the codename, it’s the workflow. If a state-aligned actor can build a structured map of targets at scale, the same playbook can be repurposed for critical infrastructure, telecom, and logistics — the kinds of systems consumers only notice when they fail.
CloudSEK didn’t share enough technical indicators in the email to independently validate the claim or to help defenders quickly hunt for related activity. That’s a common tension with PR-driven threat reporting: it can be useful context, but it rarely includes the actionable artifacts that incident response teams need.
Why this matters
Consumer tech companies are increasingly tied into geopolitical risk through supply chains, cloud services, and ad hoc cross-border operations. The lesson here is that recon data becomes infrastructure risk — and attackers don’t have to break into a device to cause real-world disruption.
About CloudSEK: CloudSEK is an India-founded cybersecurity company that publishes threat research and sells monitoring and response products to enterprises.
