AIG Edition 11

YEMEN: U.S. Ceasefire with Houthis Unlikely to Hold Due to Increased Regional Attacks 

Summary: The Houthi rebels in Yemen launched an attack on a Greek-owned vessel in the Red Sea using drones, rocket-propelled grenades, and small arms, resulting in the deaths of three crew members and injuries to two others. The ceasefire between the U.S. and the Houthis is unlikely to continue due to the increase in operational tempo from the Houthis against maritime navigation in the Red Sea and Israel’s security. 

Development: On 6 July, the Houthi rebels in Yemen attacked a Greek-owned ship in the Red Sea with drones, rocket-propelled grenades, and small arms, killing three and wounding two of the crew members on board. The attack from the Houthis in the Red Sea is the first since late 2024. Israel launched an attack on the Houthis, targeting their critical infrastructure, such as ports and power plants, on the night of 6 July. In response, the Houthis launched two ballistic missiles at Israel but inflicted no damage. The U.S. signed a ceasefire deal with the Houthis in early May 2025, but the deal did not contain any elements regarding Israel. Washington recently brokered a ceasefire deal between Israel and Iran, ending the 12-day war that left Iran’s military infrastructure significantly weakened. Prior to the war with Israel, Iran was estimated to possess between 2,500 and 3,000 missiles along with approximately 350 missile launchers. Following the conflict, the number of missiles has declined to an estimated 1,000 to 1,500, and the number of launchers has decreased to around 100. Iran is facing severe economic challenges, reportedly requiring $500 billion in investment to address critical shortfalls caused by U.S. sanctions. Israel intensified these issues during the war by targeting civilian and energy infrastructure and striking 21 of Iran’s 31 provinces. The conflict resulted in the deaths of 28 Iranian scientists, among them 12 nuclear experts and two artificial intelligence specialists, as well as 20 senior military commanders. 

Analysis: The ceasefire between the U.S. and the Houthis is unlikely to hold as Houthi attacks on maritime traffic in the Red Sea intensify and concerns over Israel's security grow. The Houthi attack on a commercial vessel in the Red Sea, which was the first in several months, displays a renewed operational tempo and a return to the group's pattern of targeting maritime traffic. The threat against freedom of navigation in the world's most critical shipping corridor could compel the U.S. to resume military operations against the Houthis to protect commercial interests and regional stability. Iran, the Houthis' primary benefactor, has emerged from its conflict with Israel significantly weakened. It lost over half of its missile arsenal and dozens of military leaders and suffered widespread economic and infrastructural damage. With Tehran requiring an estimated $500 billion to recover from U.S. sanctions on top of its losses from the most recent conflict with Israel, its ability to sustain and fund regional proxies like the Houthis is currently severely diminished. This lack of ability creates a window of opportunity for the U.S. and Israel to apply coordinated pressure on the Houthis while their external support from Iran remains disrupted. If Houthi aggression continues and Iran remains unable to provide material or financial backing, the strategic outlook may shift in favor of a renewed U.S. effort to degrade Houthi capabilities

more permanently.

[Unnamed Contributor]

DR CONGO: China Likely to Intensify Attempts to Undermine U.S. Mineral Deal  

Summary: The Democratic Republic of the Congo (DRC) and Rwanda signed a peace agreement mediated by the U.S., aimed at ending the fighting between rebel groups in eastern DRC since 2021. The agreement allows for the U.S. to gain access to natural minerals in the DRC, which China has significant influence over. China is likely to intensify its attempts to derail the U.S. mineral deal in the DRC and Rwanda by reigniting conflict, aiming to protect its strategic dominance over the global cobalt market and limit U.S. access to critical resources and infrastructure.

Development: On 27 June, the DRC and Rwanda signed a U.S.-mediated peace agreement aimed at ending over three decades of conflict in eastern DRC. The agreement requires all conflicts to cease and rebel groups to disarm, creating conditions for the U.S. to invest in and secure access to the DRC’s natural resources. The DRC mineral sector is valued at approximately $24 trillion and contains the largest known reserves of cobalt, accounting for about 80% of global cobalt exports. Cobalt is essential for both military and civilian technologies, including weapons production. China controls 80% of the cobalt extracted from the DRC, holds 70% of the global cobalt market, and obtains 67.5% of its cobalt supply from the DRC. The peace agreement includes both the DRC and Rwanda, aiming to end their support for militia groups and promote peace. M23, the most notable rebel group in the conflict backed by Rwanda, has stated the U.S. agreement is not binding for them. 

Analysis: China is likely to intensify efforts to subvert the U.S. mineral deal in the DRC and Rwanda, possibly by influencing M23 to continue fighting and violate the deal’s terms. The DRC is China’s most strategically important asset in its bid to dominate the global cobalt market, which is likely to lead to substantial efforts to undermine U.S. peace and mineral agreements. As Rwanda commits to peace and withdraws support for the conflict, China may turn to backing Rwandan-aligned rebel groups in an attempt to reignite violence, potentially disrupting the deal and cutting off U.S. access to minerals and infrastructure in the DRC. China is more than likely to undermine U.S. investments in the DRC because the country holds critical strategic importance for China’s control over key resources. U.S. mineral investments in the DRC will likely face subversion aimed at weakening U.S. influence and strengthening China’s control over the region’s resources. 

[Jacob Faciana]

Israel: Iran is Likely to Use Pay2Key Ransomware for Destructive Cyber Attacks

Summary: Israel struck key government technical buildings in Sheikh Baha’i and the Cyber Police in Iran, severely damaging its internet infrastructure and cyber warfare capabilities. Iran is likely to intensify its ties with cybercriminals and affiliates of the Pay2Key Ransomware-as-a-Service (RaaS) model to conduct hack-and-leak cyberattacks.

Development: On 21 June, Israeli forces targeted several key technical and cyber-policing buildings in Tehran, including facilities in Sheikh Baha’i and the headquarters of the Cyber Police. The strikes disrupted Iran’s internet infrastructure and damaged its cyber warfare command centers. Days prior, the Israeli-linked hacker group Predatory Sparrow compromised Bank Sepah, a financial arm of the Islamic Revolutionary Guard Corps (IRGC), triggering a digital shutdown that lasted until 25 June. The same group reportedly exfiltrated $90 million in crypto from the Nobitex exchange, which Iran has used to bypass sanctions. The cyber conflict has drawn in over 100 hacktivist groups, which have pivoted toward Israel, using Distributed Denial of Service (DDoS) attacks and leak operations facilitated by services like Tanjiro and GhostNet. In response, Iran’s APT35 (Charming Kitten) launched a phishing campaign against Israeli academics and journalists shortly after the 24 June ceasefire, impersonating Google domains in an apparent espionage effort. The Pay2Key model has been linked to Iranian threat actors, including APT35 and Fox Kitten, and provides Iran with a scalable and deniable option for cyber aggression.

Analysis: Iran is likely to treat ransomware operations as its primary tool of retaliation in the coming weeks, outsourcing execution to cybercriminal affiliates as a means to target Western adversaries while blurring attribution. The Pay2Key model provides Tehran with a flexible and deniable means of imposing costs on Israeli institutions without triggering direct military escalation. Delegating operations to ransomware groups allows Tehran to maintain offensive capability while avoiding direct attribution. This approach aligns with Tehran’s broader pattern of strategy, leaning on plausible deniability and blurring the lines between state and criminal actors to achieve a strategic effect. Iran will likely transition from state-run infrastructure to third-party RaaS networks, allowing it to continue operations and complicate attribution for its adversaries. The recent ceasefire limits Iran’s options for kinetic retaliation, making cyber warfare a more attractive domain for asymmetric escalation. By leaning on ransomware affiliates, Tehran can continue to disrupt Israeli institutions without crossing overt military thresholds. Israel, in turn, is likely to increase cyber counterintelligence operations to preempt and attribute these emerging threats.

[Reyben Cortes]