Cyber Incident Victim: Israeli Government

Date: Apr 2023

Location: Israel

Summary

A cyberattack attributed to the group Anonymous Sudan targeted Israeli financial institutions, the postal service, an electricity company, and a rocket alert application, temporarily taking some websites offline through denial-of-service attacks. The National Cyber Directorate stated the bank attacks were identified and stopped, impacting only marketing pages and not internal systems. This incident coincided with Quds Day and followed a separate attack days earlier that damaged agricultural irrigation and wastewater control systems in the Upper Galilee.

Description

On April 14, 2023, a significant cyberattack targeted multiple Israeli websites and online services. The websites of Israel's banks, the national post office, the electricity company, and the Red Alert warning application were struck, with some sites experiencing outages and being taken offline. The hacker group known as "Anonymous Sudan" claimed responsibility for the attack via their Telegram channel. They explicitly listed their targets as Israel Post, Bank Leumi, Discount Bank, Mizrahi-Tefahot, Bank Mercantile, Bank Benleumi (First International Bank of Israel) and its subsidiaries Bank Otzar Ha-hayal and Bank Massad. Israel Post confirmed their site was the victim of a Denial of Service (DoS) attack, which resulted in a temporary loss of access to the site. Later in the day, around 5 p.m., the hackers expanded their targets to include the websites of Israeli phone providers, announcing their intentions on Telegram by writing "we still have two hours before the sunset prayer, during which we will attack everything in Israel."

The attempted cyberattacks on the Israeli bank websites were identified and stopped by the National Cyber Directorate. The Directorate issued a statement noting that due to the banks' strong cyber defenses, their websites remained live and operational, experiencing only occasional interruptions. It was clarified that the cyberattacks were limited to the banks' marketing pages and were not related to their internal banking systems, which remained secure and unaffected. This incident coincided with Quds Day, an annual holiday observed in Iran and among Shi'ite Muslim communities across the Middle East. Analysts and experts had previously warned of the increased danger of cyberattacks targeting Israel on this date. Osher Ashur, cyber manager at the Auren consulting firm and a cyber adviser to Israel's Defense Ministry, noted that anti-Israel groups were exploiting Quds Day to attack financial targets, branding the day as a "Black Friday to Israel's economy" in an attempt to harm the nation's financial standing and credit rating.

This was not the first recent cyber activity attributed to Anonymous Sudan. Earlier in the same month, the group had claimed a cyberattack against the Israeli cybersecurity company Check Point. That attack occurred on the same day that the websites of multiple major Israeli universities were also attacked and taken offline for several hours. Those prior attacks were part of a broader campaign known as OPIsrael, an annual event in which activists attempt to coordinate attacks on Israeli internet targets throughout the month of April. The National Cyber Organization had issued warnings the previous week about an anticipated increase in cyber attack attempts by anti-Israeli hackers during the month of Ramadan.

Just days before the April 14th bank attacks, on April 9th, a separate cyber incident impacted physical infrastructure in northern Israel. Several water monitors responsible for controlling irrigation systems and wastewater treatment systems were rendered dysfunctional following a cyber attack. The attack specifically damaged water controllers used for irrigating fields in the Jordan Valley and also targeted control systems operated by the Galil Sewage Corporation. Management for both systems worked throughout the day to address the issue and restore full operations, though the precise source of this attack remained unknown. Farmers in the Upper Galilee and Hula Valley regions had received warnings several days prior about suspicions of a planned cyber attack. As a result of these warnings, some farmers preemptively disconnected the remote control functionality of their irrigation systems, switching to manual operation to prevent potential harm. Those who did not heed the warning and left their systems on remote control were the ones impacted by the attack. Niv Yona, research department manager at the cyber defense company Cyberizen, emphasized the significant potential for damage from such attacks, noting that the compromise of thousands of water monitors in the Hula Valley region had a direct physical impact on agricultural areas, moving beyond creating fear to causing tangible disruption. The attacks on media agencies, medical websites, government websites, and university websites throughout the preceding week were also attributed to the ongoing OPIsrael campaign, highlighting a sustained period of cyber threats against a wide array of Israeli targets.
