Cyber Incident Victim: Land Rover Israel
Date:
Apr 2015
Location:
Israel
Summary
A coordinated cyber attack by multiple hacking groups targeted Israeli entities, compromising hundreds of websites and leaking extensive sensitive data. The attackers exfiltrated thousands of credentials including PayPal accounts, email addresses, and personal information such as names, addresses, and phone numbers belonging to citizens, alongside modem login credentials. Groups involved claimed responsibility for breaching data from Israeli portals and defacing institutional and commercial websites. The operation involved planned sustained disruptions, with leaked datasets publicly distributed via pastebin links. Analysis confirmed the legitimacy of much of the compromised data, impacting government, academic, and business infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
In early April 2015, multiple hacking collectives including Anonymous, Anonymous Arab, AnonGhost, and Anonymous Arabe executed coordinated cyber attacks against Israeli digital infrastructure as part of Operation OpIsrael. The campaign commenced with the compromise of approximately 700 Israeli websites, including high-profile targets such as the Jerusalem Center For Public Affairs, Honda Israel, and Technion academic institutions. Attackers publicly listed defaced domains on Pastebin and Ghostbin platforms to document their intrusions. Concurrently, the groups exfiltrated and leaked large volumes of sensitive data: Anonymous Arab disclosed 2,143 Israeli PayPal account credentials, while AnonGhost released over 7,000 email addresses and associated passwords. Anonymous Arabe separately published personal information belonging to 150,000 Israeli citizens, containing full names, physical addresses, email accounts, and telephone numbers. Technical infrastructure breaches included the compromise of login credentials for 6,000 Israeli internet modems. Forensic analysis of leaked data repositories confirmed the authenticity of records sourced from Israeli web portals including area.co.il and walla.co.il. The groups announced intentions to sustain attacks through April 20, 2015, maintaining persistent threat activity against Israeli targets throughout this period.
The incident resulted in one of the largest single-point data exposures affecting Israeli entities at that time, with credential leaks spanning financial accounts (PayPal), communication systems (email), critical infrastructure (modem access), and extensive personally identifiable information. Validated data dumps appeared on Pastebin under specific Uniform Resource Locators documenting PayPal accounts, email credentials, and citizen records. Operational impacts included temporary disruption of defaced websites and potential secondary exploitation risks from exposed credentials. No organizational responses or containment measures from affected entities were documented in available reporting. The scale of personal data compromise created significant privacy implications for impacted individuals, with address and contact details potentially enabling physical security threats alongside digital risks. Infrastructure exposures raised concerns about unauthorized network access through compromised modem credentials. The coordinated nature of attacks across multiple hacker collectives demonstrated systematic targeting of Israeli digital assets across governmental, commercial, and institutional sectors during the Operation OpIsrael timeframe.