BOTTOM LINE UP FRONT (BLUF)
Adversary cyber operations targeting Operational Technology (OT) have reached a new level of maturity, shifting from reconnaissance to direct disruption capabilities, notably evidenced by three newly tracked threat groups specializing in industrial espionage and initial access provision globally. Maritime security remains strained by illicit trade, with US Coast Guard assets focusing on enforcing international sanctions against oil tankers in the Caribbean. Concurrently, organized crime networks are leveraging the U.S.-Canada border for high-volume drug trafficking and human smuggling operations. Nation-state actors, particularly China, Russia, Iran, and North Korea, are prioritizing covert, persistent cyber espionage, with China specifically benefiting from inconsistent international attribution practices.
💻 Geopolitical Cyber
Incident: OT Threat Group Maturation and Sector Mapping
Date: 2026-02-17 (Report Release)
Location: Global Critical Infrastructure (North America, Europe, Asia-Pacific, Middle East)
Key Actors: Azurite, Pyroxene, and Sylvanite (new OT threat groups); Voltzite/Volt Typhoon; KAMACITE; ELECTRUM
- Three new OT threat groups have been identified, bringing the total number tracked globally to 26.
- Sylvanite acts as an initial access broker, rapidly weaponizing edge device vulnerabilities and facilitating deeper intrusions by groups like Voltzite.
- KAMACITE systematically mapped control loops across U.S. infrastructure throughout 2025, demonstrating advanced preparation for disruption.
- Geolocation Context: Threat activity is distributed globally, with specific targeting of U.S. infrastructure, European distributed energy systems (ELECTRUM in Poland), and Middle Eastern critical infrastructure.
- Tactical Recommendation: Immediately implement network segmentation between IT and OT environments. Prioritize patching of edge device vulnerabilities and monitor for rapid hand-off behavior indicative of initial access broker activity. Ensure comprehensive OT visibility to reduce incident response time; studies show it cuts containment time from 42 days to 5 days.
Incident: State-Sponsored Espionage and AI-Driven Threats
Date: 2026-02-17
Location: Global (Targeting NATO-aligned nations, Ukraine, and major economies)
Key Actors: Russia, China, Iran, North Korea (state-sponsored groups)
- Russian actors maintain persistent pressure on NATO-aligned critical infrastructure, focusing on intelligence collection and network mapping in the energy, logistics, and communications sectors.
- China is named as a leading global cyber threat, and inconsistent attribution by tech companies risks incentivizing Beijing’s cyber espionage campaigns.
- AI-powered threats are intensifying, particularly enhancing the effectiveness of highly personalized phishing and evolving ransomware.
- Tactical Recommendation: Increase proactive resilience spending. Adopt a systematic, five-layered approach to cyber resilience, focusing on multi-site data redundancy and architecting for immutability to ensure recoverability following automated attacks.
💸 Financial Crimes
Incident: Insider Trading via Prediction Markets
Date: February 2026
Location: Global/Israel (Wagers placed on Polymarket)
Key Actors: Indicted individuals using classified national security intelligence
- At least two individuals were indicted for using classified national security intelligence to place wagers on platforms like Polymarket, potentially reaping up to $100,000 in profits.
- This highlights the risk of adversaries exploiting prediction markets by pairing strategic trades with coordinated cyber intrusions or information campaigns.
- Tactical Recommendation: Conduct internal audits and monitoring of proprietary information access relative to public prediction market trends, viewing prediction markets as dual-use infrastructure requiring deliberate guardrails.
🔪 Crime or Organized Crime
Incident: Record Methamphetamine Seizure at Border Crossing
Date: 2026-02-17 (News Release)
Location: Blue Water Bridge port of entry, Point Edward, Ontario, Canada (U.S.-Canada Border)
Key Actors: Kulbir Singh (driver), transnational organized crime groups
- The Canada Border Services Agency (CBSA) seized 266.4 kg of suspected methamphetamine concealed in a commercial truck arriving from the United States.
- Organized crime groups utilize commercial routes for high-volume drug trafficking to fuel further criminal activity in southern Ontario.
- Geolocation Context: The seizure location is a critical chokepoint between Michigan (U.S.) and Ontario (Canada).
- Tactical Recommendation: Increase interagency cooperation (CBSA/RCMP/U.S. law enforcement) for enhanced screening of commercial vehicles and employ detector dog services at high-volume border crossings.
Incident: Transnational Human Smuggling Indictment
Date: Yesterday (Indictment Unsealed)
Location: U.S.-Canada Border (Northern Vermont, New York City)
Key Actors: Francisco Antonio Luna Rosado (Dominican national), Jesus Hernandez Ortiz (U.S. citizen), JTFA-targeted human smuggling groups
- An indictment was unsealed charging two individuals with conspiring to smuggle foreign nationals from Mexico and Central/South America into the U.S. across the U.S.-Canada border into Vermont.
- The operation utilized encrypted chat platforms and live shared cellular location data to guide individuals across the border for pickup and transport to New York City.
- Luna Rosado also faces two counts of transactional money laundering related to deposits exceeding $10,000.
- Tactical Recommendation: Increase monitoring of encrypted messaging platforms and cellular location data patterns near remote border sectors. Focus financial intelligence collection efforts on identifying money laundering methods used by smuggling facilitators.
🚢 Maritime Events
Incident: Illicit Oil Tanker Interdiction and Escorts
Date: 2026-01-15 to 2026-02-15 (End of Patrol Report)
Location: Caribbean Sea and Gulf of America
Key Actors: U.S. Coast Guard Cutter Mohawk (WMEC 913), Department of War (DoW) tactical teams, Venezuelan-linked Motor Tanker Veronica, Panamanian-flagged Motor Tanker Centuries
- USCG assets interdicted and seized two sanctioned oil tankers, the Veronica and the Centuries, preventing the illicit trade of crude oil in violation of international sanctions.
- The operation, conducted under Operation Southern Spear, involved a 2,700 nautical mile escort of the two vessels to secure anchorages for disposition.
- Geolocation Context: High-value interdictions occurred in the international waters of the Caribbean Sea.
- Tactical Recommendation: Maintain dedicated patrol resources in the Caribbean Sea to support Operation Southern Spear. Enhance coordination between Coast Guard tactical law enforcement teams and Department of War assets to secure and escort sanctioned vessels efficiently.
🗽 DVE / Activism/Terrorism
Incident: Sustained Domestic Violent Extremism (DVE) Threat
Date: Ongoing, with recent events in January 2026
Location: United States
Key Actors: Racially or Ethnically Motivated Violent Extremists (REMVEs), Anti-Government or Anti-Authority Violent Extremism (AGAAVE), partisan political extremists
- Attacks and plots against government targets motivated by partisan political beliefs in the last five years are nearly triple the number observed in the preceding 25 years.
- DVE activity is increasingly amorphous, relying on lone offenders and small cells radicalized online via platforms like Telegram and imageboard sites.
- REMVEs and AGAAVE remain the most lethal categories of DVEs.
- Geolocation Context: Metropolitan areas like New York, Los Angeles, and Washington D.C. have seen the highest volume of historical DVE incidents.
- Tactical Recommendation: Implement enhanced threat detection focused on online chatter regarding accelerationist and partisan political violence. Increase physical security measures around government targets and political offices, which are subject to a consistently high number of DVE attacks.
