Cyber Threat Actor: Hackers of Savior
| Actor Type | Location | Known Incidents |
Activist
|
Iran
|
3 incidents |
|---|
Profile
The threat actor known as Hackers of Savior operates under this primary alias and has been publicly associated with Iranian and Palestinian affiliations. Their activities include targeting financial institutions and critical infrastructure, particularly in Israel. In January 2022, the group claimed responsibility for a disruptive cyber attack against a logistics and port terminal operator, which resulted in widespread system shutdowns and operational paralysis. The attackers leaked security camera footage and internal system images, demonstrating unauthorized access to the victim’s network. Recovery efforts were projected to take weeks due to the complexity of restoring interconnected logistics systems and addressing regulatory scrutiny. This incident underscored the group’s focus on disrupting critical infrastructure outside state-mandated cybersecurity oversight frameworks.
Hackers of Savior has also asserted compromises against Israeli financial entities, including unauthorized access claims targeting Bank Leumi’s interbank transfer network and customer accounts in April 2022. These allegations were uniformly denied by Israeli cybersecurity authorities and the affected institutions, with no corroborating evidence of breaches or financial impacts. The group’s operations reflect a pattern of publicly claiming high-profile intrusions, though verification remains inconsistent. Their tactics in confirmed incidents involved exfiltrating and leaking operational data to substantiate network access. While loosely linked to Iranian and Palestinian causes in public reporting, explicit affiliations with state or criminal entities remain unconfirmed. The port terminal attack stands as their most consequential publicly documented operation, highlighting a disruptive objective against vulnerable critical infrastructure.
