A CYBERATTACK TO QANTAS AIRLINE EXPOSES DATA OF NEARLY SIX MILLION CUSTOMERS, AND GERMANY AND ISRAEL ARE LAUNCHING A JOINT CYBER DOME PROJECT TO DEFEND CRITICAL INFRASTRUCTURE

July 3-9, 2025 | Issue 25 - CICYBER Team

Amelia Bell, Sue Friend, Agathe Labadi, Laura Fuchs, Lucy Gibson, Isabelle Hilyer-Jones

Elena Alice Rossetti, Editor; James Raggio, Senior Editor

Cyber Threats Monitoring^[1]

Date: July 3, 2025

Location: Australia

Parties involved: Australia; Australian local law enforcement; Australian cybersecurity authorities; Australian airline Qantas; Qantas IT department; Qantas technical staff; Qantas airline customers; unconfirmed threat actor behind the cyber attack

The event: Qantas airline is collaborating with the local law enforcement and cybersecurity authorities to investigate a cyberattack, exposing the personal data of six million Qantas customers.^[2]

Analysis & Implications:

• Qantas’s IT and cybersecurity teams will very likely experience significant operational strain as customer inquiries and support requests prompted by the cyberattack surge, likely impeding Qantas’s ability to evolve its security posture. The influx of anxious customers seeking reassurance and guidance will almost certainly saturate help desk capacity, likely forcing technical staff to reprioritize immediate customer-facing tasks over longer-term security initiatives. This reactive posture will likely erode the IT teams’ ability to conduct in-depth forensic analysis and continuous threat hunting, with a roughly even chance of creating detection gaps within their security environment. The persistent redirection of resources and focus toward customer management and searching for the responsible cyber threat actor will likely foster a culture of crisis management, undermining strategic planning and innovation within the IT department.

• The threat actor behind the attack will very likely exploit the stolen data to perform social engineering attacks targeting Qantas customers. The hackers will very likely attempt to access more valuable information, such as credit card details and passengers' passports, likely leveraging their anxiety by posing as service desk workers or law enforcement investigators to obtain this data. They will likely use the stolen phone numbers and email addresses to launch spear-phishing campaigns, using personalized information, such as frequent flyer numbers, to appear legitimate and trick customers into clicking on malicious links or entering sensitive information. The hacker group will likely exploit passenger information for financial gain, such as demanding ransom from Qantas or selling personal data on the dark web, almost certainly allowing threat actors to purchase information to support their operations, putting passengers at risk of identity theft, financial fraud, and targeted attacks.

Date: July 7, 2025

Location: Germany

Parties involved: Germany; German government; German national security agencies; German Federal Office for Information Security (BSI); German cybersecurity professionals; German cyber defense sector companies; German high-profiles actors; anti-Zionist group Boycott, Divestment, Sanctions (BDS); Israel; Israeli officials Israeli cyber companies; NATO; NATO Integrated Cyber Defence Centre (NICC); Russia; China

The event: Germany and Israel collaborate on developing a joint Cyber Dome project, adapting Israel’s Iron Dome cyber defense technology.^[3]

Analysis & Implications:

• The Cyber Dome will likely cause public scrutiny linked to growing reputational costs alongside Germany’s collaboration with Israel. The project’s requirement for legal data sharing across sectors and between Germany and Israel will almost certainly prompt uncertainty and debate among civil society organizations and privacy advocacy groups. Political opposition parties and independent regulatory bodies will very likely call for strict oversight and regulatory safeguards to ensure accountability and transparency throughout the project’s implementation. Activist groups, like anti-Zionist group BDS, will likely exploit this atmosphere of skepticism to organize protests and intensify pressure on policymakers, with a roughly even chance of increasing polarization and complicating efforts to build public consensus around this project.    

• NATO will likely incorporate Germany’s Cyber Dome as a key asset in strengthening collective defense against cyber threats, particularly those backed by Russia and China. Its deployment will likely accelerate NATO’s adoption of autonomous AI threat identification, likely pushing the organization towards integrated, multi-domain cyber defense operations. This will likely position Germany as a leader in (NICC), likely refiguring its rapid-response offensive capabilities. Successful Cyber Dome protection will very likely hamper key state-backed threats, likely hindering Russian and Chinese cyber espionage and infrastructural sabotage campaigns against Germany and the NATO community.

• The Cyber Dome joint project will very likely push Germany to restructure its national security enterprise to focus more on cyber threats, likely to meet Israel’s mitigation and communication standards. German national security agencies dedicated to cyber defense, such as BSI, will very likely invest in advanced AI and automated systems such as Security Information and Event Management (SIEM) platforms to help monitor data on advanced persistent threats (APTs), likely driving the German government to increase partnerships with regional cybersecurity companies. These cyber divisions will likely need to expand recruitment of cyber professionals with expertise in Intrusion Detection Systems (IDS) and Endpoint Detection and Response (EDR), likely providing a two-layered human and AI detection approach. There is a roughly even chance that Germany will create a new cyber defense agency dedicated to the Cyber Dome, likely providing communication with private sector companies in charge of critical infrastructure, and creating a liaison office to deepen collaboration with Israeli officials.

[1] Command Centre, generated by a third party image database (created by AI)

[2] Qantas executives slow to be seen after data breach affecting up to 6 million customers, ABC News, July 2025, https://www.abc.net.au/news/2025-07-04/qantas-reputation-public-relations-after-cyber-attack/105492774 

[3] Germany to Build ‘Cyber Dome’ to Counter Online Threats, The Defence Post, July 2025, https://thedefensepost.com/2025/07/07/germany-cyber-dome-online/amp/