Cyber Incident Victim: Academy for Torah Initiatives and Directions
Date: Apr 2023
Location: Israel
Summary
A cyberattack targeted the ATID Group, an Israeli educational institution, resulting in the leak of thousands of personal records including names, identity cards, and addresses. Concurrently, the Facebook account of the Israeli Prime Minister was hacked to broadcast audio content. The victim organization stated the attack was attempted by individuals from hostile countries and claimed to have thwarted it with only minor information leakage, while a separate hacker group also disrupted various Israeli websites.
Description
On April 24, 2023, coinciding with Israel's Independence Day, a series of cyber-attacks targeted Israeli entities. The incident involved multiple hacker groups and affected various organizations, including high-profile political and educational institutions. The initial reported event was the compromise of Israeli Prime Minister Benjamin Netanyahu’s official Facebook account. Hackers successfully accessed the account and utilized it to broadcast audio content in Arabic and Persian. According to Israeli media reports, this unauthorized content was removed from the platform within minutes of the hack being identified. The specific method of access or the exact nature of the audio content was not detailed in the reporting.

Concurrently, a separate but significant cyber-attack was launched against the ATID Group, identified in reports as the Academy for Torah Initiatives and Directions. The hacker group claiming responsibility for this aspect of the incident identified themselves as Sharpboys. This group published information they claimed was exfiltrated from the servers of the ATID Group. The published data was described as a file containing approximately 200,000 individual records. The compromised information reportedly included sensitive personal details such as full names, identity card numbers, and addresses. Furthermore, the hackers published other personal documents, though the precise type and content of these additional documents were not specified in the available sources.

The ATID Group issued a statement in response to the attack on its infrastructure. The organization characterized the incident as an attempt by individuals from hostile countries to carry out strategic attacks on leading educational institutions in Israel, a reference to the colleges associated with the group. The group's statement claimed that they had successfully thwarted the attack. They further asserted that, to their knowledge, only a small amount of information was actually leaked, a claim that stands in contrast to the volume of data published by the Sharpboys group. The statement did not elaborate on the specific security measures taken to thwart the attack or the forensic methods used to determine the scope of the data leakage.

These specific incidents involving Prime Minister Netanyahu's social media and the ATID Group occurred within a broader context of coordinated cyber activity against Israel that week. Earlier on the same day, Wednesday, April 24, the hacker group known as Anonymous Sudan executed attacks against Israeli websites. Their targets included critical infrastructure entities, specifically the websites of the Israel Port Company and Haifa Port. These attacks resulted in tangible disruptions, causing online services to become unavailable. Israeli media reported that the cyber-attacks caused these disruptions through the collapse of servers, a typical outcome of a Denial-of-Service (DoS) attack. It was noted that these particular attacks did not result in the extraction of information from the targeted servers, indicating their disruptive rather than data-exfiltration nature.

This was not an isolated action by Anonymous Sudan. The group had been active against Israeli targets in the preceding days. On Tuesday, April 23, the group had targeted fifteen other important Israeli websites. The scope of these attacks was wide, encompassing media, financial, telecommunications, and government sectors. Specifically named targets included the website of the Israeli Broadcasting Authority (Kan), several banks, telecommunications companies, and government agencies. This activity followed earlier targeting of the websites belonging to Mossad and the National Insurance Institute. Additional reporting from the Maariv newspaper listed more specific targets from these attacks, which included the telecommunications and Internet services companies Cellcom and Partner, the website of Tel Aviv University, the Jerusalem Post newspaper, and the website of the national water company, Mekorot. Anonymous Sudan itself claimed credit for disabling access to the sites of the Israeli Broadcasting Corporation, the public transportation company Egged, and Israel Discount Bank.

The cumulative effect of these distributed attacks was a significant disruption to various online public and commercial services within Israel throughout this period. The incident involving the ATID Group and the subsequent data leak represented the most severe confirmed breach of sensitive personal information during this series of attacks, while the other actions primarily caused service interruptions. The overall campaign demonstrated a coordinated effort by multiple actors to target Israeli digital assets across a diverse range of sectors during a national holiday.
