Cyber Incident Victim: Bank Leumi
Date:
Jun 2021
Location:
Israel
Summary
A cyberattack targeted an Israeli bank's websites, attributed to the anti-Israel hacker group DragonForce, which claimed involvement. The attackers employed a distributed denial-of-service (DDoS) method, flooding systems with high-volume traffic—reportedly peaking around 200 megabits per second—to disrupt services and cause slowdowns. The group also leaked purported data containing Israeli student information. While the attack impacted external-facing websites, the institution stated these were hosted on separate government servers and disconnected from core operational systems, preventing broader compromise. The incident prompted defensive preparations due to prior warnings, limiting overall operational damage despite temporary service interruptions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late June 2021, hundreds of Malaysian hackers associated with the anti-Israel group DragonForce launched a coordinated cyberattack targeting Israeli banking websites over a weekend. The attackers executed a distributed denial-of-service (DDoS) campaign aimed at overwhelming bank systems with approximately 200 megabits per second of malicious traffic, causing significant service disruptions across multiple financial institutions. The assault occurred in waves, with the most intense wave hitting late Friday night. By Saturday morning, Bank Israel's website came under renewed attack, with some evidence suggesting system impairment. Attackers published screenshots purportedly showing crashed bank computers, though some claims were later disputed as fabricated. The primary objective was to disrupt banking services and attempt to take websites offline through volumetric traffic flooding rather than data exfiltration.
Banking sector sources confirmed the attacks caused widespread slowdowns and temporary service denials across multiple bank portals. DragonForce simultaneously leaked a file containing purported personal details of hundreds of thousands of Israeli students during the incident. Defensive measures were implemented after advance warnings of the attack, with experts noting the attackers publicly announced their intentions beforehand. Bank Israel clarified its public-facing websites operate on separate government servers disconnected from core banking systems, minimizing operational impact. The institution acknowledged routine DDoS attempts against its external sites and government portals, stating such attacks are typically blocked without affecting critical infrastructure. No evidence emerged of compromised customer accounts or transactional systems during this incident.