The latest incident in a series of cyber attacks between Israel and Iran came on May 21, when approximately 1,000 corporate and manufacturing targets within Israel were afflicted with defacements and denial of service attacks by the “Hackers_Of_Savior” hacktivist group.
Recipients of the attack were greeted with anti-Israel and anti-Zionist messaging in Hebrew and a computer-generated video depicting the simulated destruction of various Israeli buildings throughout the country. The attackers also threatened the victims that they’d risk losing their data, saying it would be sold on the dark market if they didn’t pay the equivalent of thousands of dollars. It appears that it was no accident that the attack was launched on May 21, Israel’s Jerusalem Day, which this year celebrated the fifty-third anniversary of the Jewish state.
There is no current evidence that Iran directly carried out the web attacks, despite potential concern that the country might act after a May 11 announcement from Iran’s managing director of its Port and Maritime Organization that a cyberattack by a foreign entity, which was suspected to be Israel, damaged private systems at the Shahid Rajaei Port.This port cyberattack was preceded by the April 24 release of malware that temporarily afflicted but caused no substantial damage to central Israel’s water and sewage facilities in the city of Sharon; in this case, foreign officials, Israeli intelligence and the country’s National Cyber Directorate openly stated that Iran was behind the attacks.
Analysis by Radware, a security company, of the latest cyberattacks on Israel said the attackers exploited a WordPress plug-in weakness used by the defaced websites, which were hosted by uPress, whose U.S. office is based in Woodcliff Lake, NJ, with operations also in Israel, Brazil, and the Netherlands. Its Israel operation told clients in a May 22 statement: “This is a deliberate attack of anti-Israel factors.” uPress said that client sites’ information is backed up and the hosting company was working with affect sites individually to resume operations.
Caution should be exercised to avoid attributing them to Israeli or Iranian nation state operators,” Radware stated in its report. However, a reason for concern was that Hackers_of_Savior, which emerged on Facebook in April, called their actions “the first big step” in targeting Israeli infrastructure. Additional threat actors potentially will fan the flames between the two countries “over the coming days,” and may include entities, including al-Quds or OpJerusalem.
Iran and Israel have been at daggers drawn in cyberspace since 2010, when Iran’s nuclear capability was partially destroyed allegedly as the result of the U.S. and Israel in 2010 sending “Stuxnet” malware to the country’s military and civilian infrastructure, widely regarded as the first nation-state attack on infrastructure with the aim of causing real-world damage.