Threat Level: CRITICAL
The War Grinds On
DEVELOPING STORY — The US-Israel-Iran war entered its fifteenth day on March 14 with no ceasefire in sight. Situation remains highly fluid.
Iran War Week Two: Kharg Island Struck, Oil Past $100, 13 US Dead
The US-Israel war on Iran ground through its second full week with no off-ramp in sight. The defining strike came when Trump announced US forces had “obliterated” military targets on Kharg Island — the terminal through which roughly 90% of Iran’s oil exports flow. Trump warned the oil infrastructure itself could be next. It was the most economically consequential single strike of the war: Brent crude rocketed past $100/barrel and has stayed there.
Iran’s new Supreme Leader Mojtaba Khamenei — elevated after his father’s assassination in the opening strikes — issued his first public address vowing to keep the Strait of Hormuz blocked until attacks cease. Sea drones have hit oil tankers in the Gulf. Over 40,000 flights have been cancelled across West Asia. The UAE halted major refinery operations. India formed an emergency panel as commercial LPG shortages hit consumers. Iraq’s oil output dropped to 1.4 million BPD.
On the military side, a US Air Force KC-135 refueling tanker crashed in western Iraq on March 13, bringing the total US death toll to 13. A missile hit the helipad at the US Embassy in Baghdad. Sirens blared at Incirlik Air Base in Turkey — a key NATO facility housing US troops — with residents reporting smoke and a glowing object. The IRGC released footage of coordinated “swarm drone” launches against US-Israeli positions. Iran declared it would attack Gulf nations hosting US forces, hitting Saudi oilfields, Kuwait, Oman’s Salalah port, and Dubai.
The domestic picture is stark: polling shows this is the most unpopular conflict in US history, with opposition exceeding every major American war since WWII. The IDF Chief of Staff said the campaign may continue until April. Trump held an hour-long call with Putin to discuss both Iran and Ukraine. Iran’s sports minister announced the country would boycott the 2026 World Cup. The White House insists Operation Epic Fury is delivering “resounding success.” (CBS News, NBC News)
Iran’s Asymmetric Playbook — And Russia’s Hand In It
Iran cannot match US-Israeli conventional firepower. It knows this. Instead, Tehran is running a war of endurance: cheap drones, proxy strikes across six countries, economic warfare via Hormuz, and strategic patience. The IRGC controls the war strategy and has bet that domestic US opposition and global energy pain will force Washington to the table before Iranian resolve breaks.
A CNN exclusive revealed that Russia is actively advising Iran on drone tactics drawn from lessons learned in Ukraine — including swarm patterns, GPS-denial evasion, and target selection methodology. Western intelligence sources confirmed the cooperation. Meanwhile, Iran launched attacks on at least 17 US sites across the Middle East, striking several multiple times. WHO reported dozens of attacks on medical infrastructure in Iran and Lebanon. A US school was hit; an infant killed in Tehran.
The Pentagon, for its part, is learning too. It reversed an earlier decision and accepted Ukraine’s $1,000 interceptor drone technology — the same system Kyiv had offered months before the conflict. Irony delivered by express mail. (CNN, Moneycontrol)
Israel Widens Lebanon Front; Hezbollah Faces Rare Public Backlash
Israel used the broader Iran conflict to widen operations against Hezbollah in Lebanon, executing plans that had been quietly finalized since January. Strikes hit southern Lebanon during Ramadan, killing at least 15 people including a hotel strike in Beirut. Hezbollah leader Naim Qassem said the group is “prepared for prolonged confrontation.” Israel warned Lebanon it could face an “increasing price” through damage to national infrastructure.
In an unusual development, Lebanese public opinion is turning against Hezbollah. The Lebanese government called on Hezbollah to “immediately surrender” and condemned Iranian attacks on Arab nations. Civilians caught between Israeli bombs and Hezbollah rockets during Ramadan are voicing anger at the group for dragging Lebanon deeper into a war they didn’t choose. Meanwhile, Israeli artillery continued shelling across Gaza despite the supposed ceasefire. (CNN, Boston Herald)
Ukraine: Drone Wars, Storm Shadows, and Europe Pushes Back on Trump
While Iran dominates headlines, Ukraine’s war continues relentlessly. Ukrainian forces struck a major Russian oil hub in Krasnodar Krai, setting fuel tanks ablaze. Russia blamed the UK for a Storm Shadow missile strike on a military plant and threatened “new level” escalation. Russia’s drone production machine — Shaheds and domestic variants — has scaled massively while the West looked the other way, with at least 253 deaths and 1,500 injuries from drone strikes alone.
Europe pushed back on Trump’s move to leverage oil sanctions amid the Iran war. Zelensky lamented that the Middle East conflict has diverted attention and resources from Ukraine. The paradox: Trump’s strike on Iran may have dealt a major blow to Putin’s war machine, since Iran was supplying an estimated $4 billion in weapons to Russia, including the Shahed drones terrorizing Ukrainian civilians. (Yahoo News, Yahoo News)
The Epstein Reckoning
Økokrim Finds Classified Documents in Rod-Larsen’s Basement
The biggest Nordic Epstein development this week: Økokrim (Norway’s economic crime unit) recovered classified government documents from Terje Rod-Larsen’s private basement. Aftenposten, VG, and Nettavisen all ran the story. The documents — referred to as the “Oslo papers” — were found during a search connected to the ongoing corruption investigation. The question of why a private citizen held classified state material at home is now front and center.
The National Archives (Nasjonalarkivet) has formally requested access to Rod-Larsen’s basement to conduct a full document inventory. Separately, Dagbladet reported that the Storting’s Standing Committee on Scrutiny and Constitutional Affairs (Kontrollkomiteen) is demanding new answers from the government on Rod-Larsen’s handling of state documents. Nettavisen also highlighted that Norway’s Foreign Ministry (UD) has spent 10 billion NOK on foundations and think tanks since 2000 — with IPI, Rod-Larsen’s Epstein-funded organization, among the recipients. The Advokatbladet (Bar Association journal) raised questions about the legal counsel provided during the basement search. TV2 reported calls for UD to consider filing criminal charges against Rod-Larsen. (Aftenposten, VG)
42 Days of Silence: The Palace Still Won’t Answer
Aftenposten published a damning count: 42 days after the Epstein files dropped, the Norwegian Royal Palace still refuses to answer specific questions about Crown Princess Mette-Marit’s connections. The headline itself — “Etter 42 dager vil fortsatt ikke kongehuset svare” — captures the institutional stonewalling. Meanwhile, German, Dutch, and Spanish media continued to hammer the story. Bunte, Gala, and Hola ran analyses of the growing isolation around Mette-Marit. Infobae reported King Harald has resumed duties while the crisis around his daughter-in-law deepens.
In a concrete consequence, the Norwegian Girls’ Choir (Det norske jentekor) moved to terminate Crown Princess Mette-Marit’s role as patron — a significant public repudiation from a cultural institution. ABCnyheter reported a Swedish PR advisor is warning Mette-Marit that her current strategy of silence is making things worse. Seher.no’s headline — “Borte for alltid” (Gone forever) — suggests the Norwegian public is processing a permanent shift in how the Crown Princess is viewed. (Aftenposten)
FBI Epstein Files Were Hacked in 2023 — Reuters Exclusive
Reuters dropped a bombshell: a foreign hacker compromised FBI files related to the Epstein investigation in 2023, after a server at the FBI’s Child Exploitation Forensic Lab in New York was inadvertently left vulnerable by a special agent. The breach went undetected for an unknown period. TechCrunch and multiple outlets picked up the story.
The implications are severe. These files sat at the intersection of the most sensitive criminal investigation in modern American history and the bureau’s child exploitation unit. We don’t know what was accessed, copied, or altered. We don’t know who the foreign actor was. And this happened a full two years before the DOJ’s mass file release — meaning compromised material may have been in the public dump. Congress is now separately seeking to depose Epstein’s prison guards under oath. (Reuters, TechCrunch)
Swedish and European Threads Keep Pulling
Sweden: Proletaren reported that Epstein funded a Swedish research network, naming Barbro Ehnbom in connection to the funding pipeline. Expressen ran a piece on Epstein’s practice of sending women to a gynecologist — with help from an ex. SVT provided a documentary overview of the released files. The Swedish angle remains under-covered relative to the Norwegian one, but it’s slowly building.
Poland launched a human trafficking probe with links to the Epstein network. Italy’s Infosannio examined Epstein-Israel connections with Rod-Larsen as a central figure. An Estonian outlet linked Jagland and Mette-Marit in the broader context of Nordic exposure. The Wikipedia article on Peter Mandelson’s Epstein relationship now cross-references Jagland and Mette-Marit. The web of connections is being mapped in real time across languages and borders. Haaretz continued its coverage of Oslo Accords mediators being probed over Epstein ties.
ITsec This Week
Iran Opens the Cyber Front: Handala Wiper Attack Cripples Stryker
The war spilled into cyberspace. Iran-linked hacking group Handala claimed a devastating wiper attack on Stryker Corporation, one of America’s largest medical technology companies. The group claims to have wiped over 200,000 devices across Stryker’s global network, shutting down the entire Windows environment and leaving thousands of employees locked out. Stryker’s stock dropped 3.6%.
This is the first significant Iranian cyberattack on a US company since the war began. Stryker confirmed a “global network disruption” but denied ransomware or malware, saying they believe the incident is contained. Security analysts are less optimistic — a wiper attack of this scale, if confirmed, would represent the most destructive state-linked cyber operation against US civilian infrastructure since NotPetya. Stryker makes surgical equipment, implants, and hospital beds used in trauma centers worldwide. The operational impact on healthcare delivery remains unclear. (SecurityWeek, Ars Technica)
Telus Digital: 1 Petabyte Stolen, $65M Ransom Demanded
Canadian BPO giant Telus Digital confirmed a multi-month breach after ShinyHunters claimed to have stolen nearly 1 petabyte (1,000 TB) of data. The attackers reportedly grabbed Google Cloud Platform credentials through the Salesloft Drift compromise and used them to exfiltrate data over several months undetected. The extortion demand: $65 million.
If the data volume claim holds, this would be one of the largest single-organization data thefts ever recorded. Telus Digital handles outsourced business processes for major enterprises, meaning the downstream impact extends well beyond one company. (BleepingComputer)
AI-Generated Malware Arrives: “Slopoly” Powers Ransomware Campaign
A financially motivated threat actor tracked as Hive0163 deployed a new malware strain dubbed “Slopoly” — believed to be generated using AI tools — in an Interlock ransomware attack. The malware maintained persistent access on a compromised server for over a week while data was exfiltrated. This aligns with Flashpoint’s 2026 Global Threat Intelligence Report, which documented a 1,500% surge in AI-related illicit activity and warned of rising “agentic AI cybercrime” — autonomous AI systems conducting multi-step attacks with minimal human oversight. (BleepingComputer, The Hacker News)
Microsoft SQL Zero-Day Grants Sysadmin Privileges
Microsoft confirmed a zero-day vulnerability in SQL Server that allows an attacker who successfully exploits it to gain system administrator privileges. Forbes reported the fix is available, but the window of exposure is concerning given how widely SQL Server is deployed in enterprise environments. Combined with Google’s cloud security report showing attackers increasingly exploit newly disclosed flaws faster than orgs can patch — the window now measured in days, not weeks — the patch-or-die treadmill accelerates. (Forbes)
Breach Roundup
| Target | Impact |
|---|---|
| Telus Digital | ~1 PB stolen via cloud credential compromise. $65M extortion. ShinyHunters |
| Stryker Corp | 200K+ devices wiped. Iran-linked Handala group. Global Windows network down |
| LexisNexis L&P | 400K+ cloud profiles leaked after AWS infrastructure breach |
| Loblaw (Canada) | Network breach — forced customer logout, investigation ongoing |
| Ericsson US | Employee & customer data stolen via third-party service provider |
| Starbucks | Hundreds of employee Partner Central accounts compromised |
| Bell Ambulance | 237,830 affected. Medusa ransomware group |
| Land Bank (SA) | Ransomware — 5 BTC (~R5.4M) demanded. Critical systems reportedly safe |
| BONK.fun | Team account hijacked, wallet drainer deployed on Solana launchpad |
| FBI (2023) | Foreign hacker compromised Epstein investigation files at NYC field office |
Trends
- Flashpoint 2026 Report: 1,500% surge in AI-related illicit activity. Agentic AI cybercrime now a defined threat category
- Iran-linked cyber operations escalating in parallel with kinetic war — expect more wiper attacks on US companies
- Google Cloud: attackers now exploit newly disclosed vulnerabilities in days, not weeks. Patch windows collapsing
- Windows RDP zero-day exploit listed on dark web for $220,000 — premium pricing signals high-value target potential
- Supply chain attacks intensifying: Ericsson, Telus, and Loblaw all hit via third-party/vendor compromise
- AI bots “ignoring their programming” and being repurposed by amateur hackers for large-scale data theft
Week in Numbers
| Stat | Context |
|---|---|
| 15 | Days of US-Israel-Iran war |
| 13 | US military deaths so far |
| $100+ | Brent crude per barrel |
| 200K | Devices wiped at Stryker |
| 1 PB | Data stolen from Telus Digital |
| 1,500% | Surge in AI cybercrime (Flashpoint) |
| 42 | Days of Palace silence on Epstein |
| 40K+ | Flights cancelled across West Asia |
| 17 | US sites damaged in Middle East |
What to Watch Next Week
- Iran war endgame: IDF chief says campaign may run until April. Will domestic US opposition or oil prices force a pivot?
- Strait of Hormuz: Mojtaba Khamenei vowed to keep it blocked. Global energy supply chains hanging by a thread
- Iranian cyber escalation: Handala’s Stryker attack may be the first of many. US healthcare and critical infrastructure on high alert
- Rod-Larsen basement documents: Will the National Archives gain access? What do the classified “Oslo papers” contain?
- Palace breaking point: 42 days of silence. Norwegian Girls’ Choir revoked patronage. How long can Mette-Marit hold?
- FBI Epstein hack fallout: Congress investigating. Were compromised files included in the DOJ release?
- Russia-Iran drone cooperation: Western intelligence confirmed tactical advising. Escalation risk for NATO
- Incirlik and Turkey: Sirens at a NATO base housing US troops. Turkey’s balancing act under direct pressure
FTRCRP — Future Trust & Responsible Computing Practice Issue #007 — Mar 8-14, 2026 Curated by Lara · Reviewed by mr0