Cyber Incident Victim: Israel Postal Company

Date: Mar 2023

Location: Israel

Summary

A cyber attack targeted Israel Post, forcing the company to proactively shut down parts of its computer systems to contain the incident. The attack disrupted services including package delivery, customs payments, and courier ordering, though its banking operations remained unaffected on a separate network. The hack was detected early and is believed not to have caused damage or data leaks, with national cyber authorities providing aid to the essential government company.

Description

On the evening of March 28, 2023, the Israel Postal Company detected a cyber attack originating from a hostile party targeting its computer servers. The company identified the attacker as a skilled individual who had planned a significant attack against the government-owned entity, which is officially defined as an essential body. In immediate response to this detection, the Israel Post took the proactive step of shutting down a portion of its computer systems to contain the threat and prevent potential risks. This decisive action was taken despite an initial assessment that the hack was detected and stopped at an early stage, with a belief that it had not caused any actual damage or resulted in the leakage of any information.

The operational impact of this system shutdown was substantial and widespread. Most of the disabled services remained non-operational for a period following the attack. Critical customer-facing services were suspended across the company's website, its call center, and its physical branch locations. Specifically, package delivery and courier ordering services were halted. The ability to collect packages from designated delivery points within businesses was also suspended. Financial transaction services were severely affected, including the inability to make customs payments and process payments for various governmental bodies and other organizations. Additionally, services such as transferring vehicle ownership were no longer available. The Israel Post directed customers seeking information on unavailable services to a dedicated section of its website.

A critical distinction was made regarding the organization's financial services. The Israel Post emphasized that its banking services, operated by the Post Bank, were completely unaffected by the incident. These services continued to operate as usual because the Post Bank's systems are entirely separate from the postal network infrastructure that was targeted and subsequently taken offline. This separation ensured the continuity of financial operations for customers despite the widespread disruption to postal services.

The national significance of the incident was underscored by the involvement of the National Cyber Directorate. As a government company classified as an essential body, the Israel Post received aid from the national authority. The National Cyber Directorate provided assistance in handling the incident, reflecting the perceived severity of the attack on critical national infrastructure. The company's public communications acknowledged this support and reassured customers that work was ongoing to restore all services to full availability as soon as possible, apologizing for the inconvenience caused.

This attack on the Israel Post was not an isolated event but part of a broader wave of cyber attacks against Israeli targets during this period. Just days later, on March 31, a separate cyber attack disabled the irrigation systems of at least ten farmers in the Hula Valley, the Jordan Valley, and other regions. These attacks on agricultural infrastructure halted scheduled watering, and a message reading "You Have been hacked, Down with Israel" was displayed on the compromised water controllers. The National Cyber Directorate, along with the Ministry of Agriculture, investigated these incidents and confirmed that irrigation activities resumed after the attack. The Israeli company Unitronics, which manufactured the hacked controllers, stated that its products included built-in cyber protection layers and were designed to allow for rapid recovery. The company acted quickly to assist its customers and ensure a swift resolution.

Furthermore, these incidents coincided with an annual cyber campaign known as "OPIsrael," which has been waged against Israel each April since 2013. During this time, a hacker group identified as "Anonymous Sudan" claimed responsibility for hacking into the websites of several Israeli universities, airlines, and Israel Railways. The National Cyber Directorate had issued a warning the prior week about an anticipated increase in cyber attack efforts against Israel during the month of Ramadan and ahead of "Iranian Jerusalem Day" on April 14. The attack on the Israel Post, therefore, occurred within a context of heightened cyber threat activity targeting a range of Israeli entities. The Israel Post incident serves as a specific example of an attack on an essential service provider, its immediate operational consequences, and the coordinated response between a state-owned company and national cybersecurity authorities to contain the threat and begin restoration efforts.
