Overview
- The company defines the model as digital operations feeding precise, real-time data into physical targeting, including live retasking via compromised CCTV feeds.
- Amazon tracked MuddyWater provisioning infrastructure in May 2025 and accessing live Jerusalem camera streams on June 17, correlating with June 23 missile attacks that Israeli authorities said leveraged compromised cameras.
- A separate case details Imperial Kitten compromising maritime AIS beginning in 2021, expanding to shipboard CCTV in 2022, then querying AIS for a specific vessel in January 2024 before a February 1 Houthi missile attempt against that ship.
- Amazon says it identified the activity through its MadPot honeypots, opt‑in customer telemetry, and government‑industry threat sharing, and it urges integrated cyber‑physical defenses and broader intelligence exchange.
- The warning emphasizes that nontraditional targets such as shipping firms and infrastructure operators may be pursued for access to surveillance, industrial systems, and location data, with similar tactics reported for Russia and China.