Cyber Incident Victim: Israeli Community Organization
Date:
Apr 2015
Location:
Israel
Summary
A collective of hacking groups including Anonymous Arab, AnonGhost, and Anonymous Arabe executed coordinated cyber attacks against Israeli organizations, compromising approximately 700 websites and exfiltrating sensitive data. The attackers leaked thousands of credentials, including 2,143 PayPal accounts, over 7,000 email passwords, and personal information—names, addresses, emails, and phone numbers—belonging to 150,000 citizens. Additionally, login credentials for 6,000 modems were exposed. Targeted entities spanned government, academic, and commercial sectors, with institutions such as the Jerusalem Center For Public Affairs, Honda Israel, and Technion confirmed as victims. Data sources included compromised Israeli web portals, and operational details indicated planned continuation of attacks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
In early April 2015, multiple hacking groups launched coordinated cyber attacks against Israeli digital infrastructure under the Operation Israel (OpIsrael) campaign. Anonymous, Anonymous Arab, AnonGhost, and Anonymous Arabe collectively targeted government and business websites, defacing approximately 700 domains including the Jerusalem Center For Public Affairs, Honda Israel, and Technion institutions. The attackers systematically leaked stolen credentials through Pastebin, with Anonymous Arab releasing 2,143 Israeli PayPal account details and AnonGhost exposing over 7,000 email-password combinations. Anonymous Arabe escalated the impact by publishing comprehensive personal data of 150,000 Israeli citizens containing names, email addresses, physical locations, and phone numbers. Additional breaches included modem login credentials for 6,000 Israeli modems. Hackread.com’s technical analysis confirmed the authenticity of datasets traced to compromised Israeli web portals such as area.co.il and walla.co.il. The groups announced intentions to sustain attacks through April 20, 2015, maintaining updated lists of defaced websites on Pastebin and Ghostbin platforms.
The incident resulted in one of the largest credential leaks targeting Israeli entities at the time, exposing financial accounts through PayPal compromises and creating identity theft risks via the citizen data dump. Validated datasets included PayPal credentials (pastebin.com/dLGZA3rF), email-password pairs (pastebin.com/Cc0bV0w2), and the mass citizen records (pastebin.com/SqjFw9PW). Operational impacts extended beyond immediate data exposure, as the sustained attack window indicated persistent threats to Israeli online assets. No remediation efforts by affected organizations were documented in available reporting. The campaign demonstrated collaborative capabilities among loosely affiliated hacktivist groups, leveraging stolen authentication data from commercial and institutional platforms to maximize psychological and operational disruption. Attackers maintained public momentum by pre-announcing extended operations through late April 2015.