Cyber Incident Victim: Port of Bandar Abbas
Date: May 2025
Location: Iran
Summary
A cyberattack disrupted computer systems at an Iranian port, reportedly causing more significant damage than acknowledged by Iranian officials, who claimed only private operating systems were affected. The incident was linked to Israel as presumed retaliation for an earlier attempted cyberattack on Israeli rural water distribution infrastructure, which targeted several facilities but was thwarted before causing major harm. Iranian hackers allegedly used American servers in the water system intrusion attempt, prompting immediate Israeli cybersecurity responses including password changes and system shutdowns. Foreign officials characterized the port attack as highly accurate, contradicting Iran's downplayed assessment of the impact.
Description
On or around May 9, 2020, a cyberattack disrupted computer systems at Iran’s Shahid Rajaee Port, causing operational disturbances. The Washington Post, citing unnamed U.S. and foreign government officials, reported the incident was linked to Israel and constituted a retaliatory operation. This followed an earlier attempted cyberattack in April 2020 targeting rural water distribution systems in Israel, which Iranian actors were suspected of orchestrating. Iranian officials publicly downplayed the port attack’s severity; Mohammad Rastad, managing director of Iran’s Ports and Maritime Organization, asserted the attack failed to penetrate the organization’s core computers and only affected a limited number of private operating systems. However, a foreign government security official contradicted this account, describing the port attack as "highly accurate" and asserting the damage exceeded Iranian official statements. The Post characterized the port disruption as causing more significant harm than Iranian authorities acknowledged, though specific technical details of the intrusion or exact operational impacts were not disclosed.

The retaliatory action stemmed from an April 2020 cyber intrusion attempt against Israel’s water infrastructure, which targeted multiple Water Authority facilities. According to officials familiar with the incident, Iranian hackers leveraged American servers to launch this attack, which aimed to compromise water distribution systems but was thwarted before causing major damage. Israeli cybersecurity personnel responded by directing affected sites to change passwords, implement breach containment measures, and temporarily take some systems offline. Daniel Lacker, head of the Water Authority’s security department, confirmed receiving reports of the cyberattack but noted no damage occurred during the incident. The Water Authority emphasized that attempted cyber intrusions were routine and addressed by specialized teams. Israeli officials did not publicly comment on the Shahid Rajaee Port operation when approached by Reuters regarding the Post’s report.
