Cyber Incident Victim: Ministry of Health
Date:
Jul 2022
Location:
Israel
Summary
A cyberattack disrupted access to the Israeli Health Ministry's website for overseas users while domestic access remained functional. The pro-Iranian hacking group Altahrea Team claimed responsibility, citing retaliation for Israeli military actions in Gaza and support for sanctions against Iran. The incident involved a Distributed Denial of Service (DDoS) attack, consistent with the group's prior assaults on other Israeli government and defense websites, temporarily overwhelming servers without enabling data theft. Mitigation efforts included blocking foreign server requests to restore service. The attack was managed by the ministry and the national e-Government unit, with impacts limited to intermittent accessibility issues for international users seeking health-related information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 17, 2022, Israel's Ministry of Health reported a cyberattack disrupting overseas access to its official website while maintaining functionality for domestic users. The incident caused intermittent blocking of international connections to the site, which provided critical English-language COVID-19 health guidelines for travelers alongside general public health information. Technical response efforts were coordinated between the ministry and the national e-Government unit, responsible for maintaining government web infrastructure. A pro-Iranian hacking collective called Altahrea Team, operating from Iraq, claimed responsibility through their Telegram channel, citing retaliatory motives for Israeli military strikes in Gaza that weekend and broader grievances including Israel's support for international sanctions against Iran and backing of Ukraine against Russia. The group explicitly threatened further targeting with the statement "Now you are in our sights," aligning their actions with regional geopolitical tensions.
The attack followed a pattern established by Altahrea Team, which had previously claimed Distributed Denial of Service (DDoS) attacks against Jerusalem and Tel Aviv municipal websites and defense contractor Rafael earlier that same week. While the Health Ministry did not disclose technical specifics, the Israel Internet Association confirmed the incident's characteristics matched prior DDoS attacks where servers were overwhelmed by coordinated connection requests from abroad—a method that disrupts access without enabling data breaches. This explained the geographical access restriction, as mitigation typically involves temporarily blocking foreign traffic. The group had demonstrated similar capabilities in April 2022 by temporarily disabling the Israel Airports Authority website. Historical context included Iran-associated cyber operations against Israeli targets, notably a 2020 attack on water infrastructure, though no direct Iranian state involvement was cited in this incident. Domestic services remained operational throughout, with no reported data compromise or secondary impacts beyond temporary accessibility issues for international users.