Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign

## Executive summary Tenable's analysis of Operation Epic Fury shows a hybrid Iranian cyber-kinetic campaign with massive exposure from a Microsoft Word N-day (CVE-2026-21514) that alone accounts for nearly 14 million affected assets—predominantly in the United States—alongside active APT activity (MuddyWater, OilRig, Handala), IoT camera exploitation to support kinetic strikes, confirmed destructive wiper activity (Stryker), and urgent mitigation recommendations to prioritize patching, isolation, and hunting while Iranian coordination capacity is degraded.