Cyber Incident Victim: Open University of Israel
Date: Apr 2023
Location: Israel
Summary
A DDoS attack by the group 'Anonymous Sudan' targeted the Open University of Israel and several other major universities, causing their websites to be unavailable for several hours. The attack was part of a broader campaign against Israeli infrastructure, with the group claiming it was a protest action. The university's website was successfully restored to normal operation after the incident, with no reports of data theft or system penetration.
Description
On the afternoon of April 4, 2023, a coordinated cyberattack targeted multiple major academic institutions across Israel. The hacker group responsible for these attacks identified itself as "Anonymous Sudan," which published a statement on its Telegram account listing the affected university websites. The list of institutions whose websites were rendered unavailable for browsing included Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, the Weizmann Institute of Science, the Open University of Israel, and Reichman University. According to reports, these websites were down and inaccessible for several hours as a direct result of the attack. The group provided a motive for its actions in its Telegram statement, writing, "Infrastructure: Universities - Israel education sector has been dropped Because [sic] of what they did in Palestine." This campaign was identified as being part of a broader activist effort known as OPIsrael, which involves coordinated attempts to attack targets on the Israeli internet.

The same group, Anonymous Sudan, also claimed responsibility for an attack on one of Israel's largest cybersecurity companies, Check Point, later that same afternoon. The company's website was briefly taken down. However, after a short period, the website returned to operating normally. A spokesperson for Check Point provided a statement addressing the incident, confirming that a large-scale attack had occurred against their sites. The spokesperson stated, "All our sites are functioning well despite a large-scale attack on them. The company's website is protected against DDoS (Distributed Denial of Service) attacks at the highest level. [It is] one of the strongest websites in the world." The statement elaborated on the nature of the attack, noting that the hackers utilized a huge volume of requests in an attempt to affect the availability of the site. This technique is consistent with a Distributed Denial of Service attack, which aims to overwhelm a web service with traffic, making it unreachable to legitimate users. The spokesperson confirmed that due to the company's protections, the site's functionality was only impacted for a few minutes and that it resumed normal operation without being damaged by the attack.

In its Telegram communication, Anonymous Sudan indicated that the attacks on the universities and on Check Point were not its main event. The group stated that a primary attack was planned for April 7, though no further specifics were provided regarding the potential target or nature of that planned activity. Reports from the time also indicated uncertainty as to whether the university attacks had managed to penetrate beyond the public-facing websites and into the institutions' internal systems. The cybersecurity firm Check Point provided analysis to media outlets, characterizing these incidents as service-preventing attacks. Such attacks primarily aim to bring down websites, do not typically involve the theft of information, and are relatively easy to recover from. However, Check Point also noted that it could be assumed such groups often attempt to carry out more significant attacks, including those involving ransomware and data theft.

The scope of the attack campaign expanded beyond educational and cybersecurity entities. According to reporting that cited Check Point, the Anonymous Sudan group also briefly attacked websites associated with several medical centers. Rambam Hospital in Haifa was specifically named as one of the targets. However, the hospital itself subsequently denied that it had been attacked, creating a point of contradiction in the reporting. Despite the claims of the attackers and the initial reports, the hospital's denial suggested that its online services may not have been successfully disrupted or that the attempt was inconsequential. By the end of the day on April 4, some of the websites that had been attacked, including those of the major universities, were reported as already becoming available again, indicating that recovery efforts were underway and proving successful. The incident was reported widely in Israeli media, highlighting the broad but temporary disruption caused by the DDoS campaign against critical sectors.
