Cyber Incident Victim: Israeli Government
Date:
Dec 2017
Location:
Israel
Summary
Anonymous conducted #OpUSA and #OpIsrael, breaching Israeli government systems and leaking names, email addresses, passwords, and alleged Mossad agent data. The group targeted both Israeli and U.S. government websites, calling for distributed denial-of-service attacks, defacements, and further data breaches in retaliation for U.S. Middle East policies, particularly the recognition of Jerusalem as Israel's capital. They disseminated decrypted data dumps, defacement page code, and target lists while mobilizing supporters through hashtags #OpUSA, #OpIsrael, and #FreedomInWorld to amplify their campaign against .il and .us domains. The operation framed itself as a protest supporting Palestine and opposing U.S. foreign policy decisions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around December 8, 2017, the hacktivist collective Anonymous launched coordinated cyber operations designated #OpUSA and #OpIsrael, targeting Israeli and United States government entities. The operations were framed as retaliation against U.S. foreign policy in the Middle East, specifically protesting the Trump administration’s recognition of Jerusalem as Israel’s capital. Anonymous publicly leaked a dataset containing names, email addresses, and passwords purportedly belonging to Israeli public employees, with unverified claims the dump included information on alleged Mossad agents. The collective disseminated download links via MEGA storage with a decryption key and promoted the leak through a post on cyberguerilla.com, urging supporters to amplify the campaign using hashtags #OpUSA, #OpIsrael, and #FreedomInWorld. Concurrently, Anonymous published a target list of U.S. and Israeli government websites, encouraging distributed denial-of-service (DDoS) attacks, defacements, and further data breaches. Technical resources were shared to facilitate these actions, including defacement page source code hosted on Ghostbin. The operation explicitly called for attacks against any .il (Israel) and .us (United States) government-affiliated domains through multiple disruption methods.
The incident resulted in the unauthorized exposure of sensitive personnel information from Israeli government systems, though the exact number of compromised accounts and the authenticity of Mossad-related records remained unconfirmed. Anonymous framed the data dump as proof of successful infiltration, though evidence suggested only limited breaches of targeted entities. The campaign’s broader impact centered on disruption threats, with operational guidance encouraging sustained attacks against critical online infrastructure. No specific details regarding successful DDoS disruptions, defacements, or additional breaches beyond the initial leak were disclosed in available reporting. The collective announced intentions to escalate activities through Cyberguerrilla communications channels, though subsequent developments were not documented in the immediate source material. Targeted systems included undisclosed Israeli government email infrastructure and unspecified U.S. federal web assets listed in operational target lists circulated among participants.