Cyber Incident Victim: Bank Hapoalim
Date:
Jun 2021
Location:
Israel
Summary
A distributed denial-of-service (DDoS) attack targeted multiple Israeli banking websites, including Bank Hapoalim, during a weekend operation by the anti-Israel hacker group DragonForce. The attackers flooded systems with traffic peaking at approximately 200 Mbps, causing service slowdowns and disruptions across banking platforms. Concurrently, the group leaked personal data purportedly belonging to hundreds of thousands of Israeli students. While the attackers claimed successful disruptions through published screenshots, the impacted institutions maintained that external websites operated on separate government servers, preventing operational system compromises. The incident primarily aimed to overwhelm infrastructure rather than steal sensitive financial information.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On June 25, 2021, Israeli banking websites, including Bank Hapoalim, experienced a coordinated cyberattack during a weekend operation attributed to the Malaysian hacker group DragonForce. The attackers executed a distributed denial-of-service (DDoS) campaign targeting multiple Israeli financial institutions, flooding their external websites with approximately 200 megabits per second of malicious traffic to overwhelm systems and disrupt public access. The assault occurred in multiple waves, with the most intense phase concentrated during late Friday night. DragonForce, an anti-Israeli collective, publicly claimed responsibility and announced their intentions in advance, enabling targeted banks to implement defensive preparations. The group supplemented their attacks by publishing screenshots allegedly depicting crashed banking systems, though some evidence was later assessed as fabricated. Concurrently, they leaked a file containing purported personal data of hundreds of thousands of Israeli students, amplifying the incident's psychological impact. Technical experts involved in defending the banking systems confirmed the attack methodology focused exclusively on service disruption rather than data exfiltration or network infiltration. Bank of Israel's external websites were among the targets during Saturday morning operations, though its critical infrastructure remained segregated from these public-facing assets.
The sustained DDoS traffic caused significant service degradation across all targeted banking platforms, resulting in slowed response times and intermittent accessibility for customers throughout the attack period. Banking representatives confirmed the volumetric assault generated thousands of simultaneous requests, straining web infrastructure but failing to penetrate core banking systems. DragonForce's operational transparency included pre-attack announcements and real-time claims of success via online channels, though forensic analysis suggested discrepancies between their published evidence and actual system impacts. Bank of Israel issued an official statement clarifying that its public websites reside on separate government-hosted servers isolated from operational banking networks, minimizing systemic risk. The institution characterized such DDoS attempts as routine occurrences that are systematically neutralized without compromising financial operations or customer data. No financial losses or data breaches affecting transactional systems were substantiated despite the prolonged disruption to public web services. The incident concluded with service restoration following mitigation efforts by banking cybersecurity teams, who leveraged the advance warning to deploy defensive measures against the anticipated attack volume.