Cyber Incident Victim: Isaac Herzog
Date: Oct 2023
Location: Israel
Summary
President Isaac Herzog's Telegram account was compromised in a suspected criminal hack, prompting an investigation by Israel's Shin Bet security agency. The breach was contained without information leakage, and control of the account was restored. Cybersecurity experts noted that such attacks often involve phishing techniques to extract sensitive data. This incident occurred amid a series of cyberattacks targeting Israeli institutions, including healthcare providers, universities, and cybersecurity firms, attributed to groups like OilRig and Anonymous Sudan, which hijacked websites and harvested user credentials.
Description
On October 4, 2023, President Isaac Herzog’s Telegram account was compromised in a suspected criminal hacking incident. The President’s Residence publicly disclosed the breach on October 5, confirming Israel’s Shin Bet security agency had assumed control of the investigation. Officials stated the account was restored to the president’s control following the intrusion, emphasizing no sensitive information was believed to have been leaked. While the exact method of compromise was not detailed, cybersecurity expert Dr. Gilad Leibovitch of the Technion highlighted that such attacks typically aim to harvest high-level intelligence through phishing techniques. Leibovitch explained hackers often impersonate trusted entities or mimic official communications from platforms like Telegram to deceive targets into divulging credentials. He noted enabling two-step verification could reduce vulnerability to such exploits. The incident marked a high-profile breach within Israel’s political leadership, though authorities characterized it as isolated and contained.

This event occurred amid a broader pattern of cyberattacks targeting Israeli entities. In late September 2023, Slovak cybersecurity firm ESET revealed Iranian group OilRig had hijacked legitimate websites during 2021-2022 campaigns against Israeli organizations, harvesting browsing histories, cookies, and login credentials. Affected sectors included healthcare, employment portals, and human resources platforms. Separately, in April 2023, hacker collective "Anonymous Sudan" disrupted operations at Check Point, a leading Israeli cybersecurity firm, and temporarily disabled websites of seven major universities, including Tel Aviv University and the Hebrew University of Jerusalem. These distributed denial-of-service attacks caused multi-hour outages, impacting academic and research portals but without reported data exfiltration. The Herzog incident underscored persistent threats to Israeli digital infrastructure across governmental, corporate, and educational sectors.
