Cyber Incident Victim: Israeli Government
Date:
Oct 2023
Location:
Israel
Summary
Hackers briefly compromised digital billboards in Israel, displaying pro-Hamas imagery and altering commercial content. Concurrently, a cyberattack breached a Tel Aviv-area academic institution, leaking personal records of approximately 250,000 individuals, including students and staff, forcing the college to take systems offline. These incidents occurred amid broader cybersecurity threats targeting Israeli entities during ongoing hostilities, with over 40 groups reportedly attempting disruptive actions such as website defacements, distributed denial-of-service attacks, and threats against critical infrastructure. While most attacks caused limited operational disruption, actors emphasized psychological impact and fear through digital intrusions rather than extensive physical damage. The institution involved in the data breach collaborated with national cybersecurity authorities to address the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On October 12, 2023, hackers breached two smart billboards operated by CTV Media Israel in or near Tel Aviv, temporarily replacing commercial content with pro-Hamas imagery. The intrusion lasted only a few minutes but displayed footage depicting the Israeli flag under attack, scenes from Gaza, and messages opposing Israel. CTV Media CEO Eilon Rosman attributed the breach to a momentary network opening that allowed immediate penetration. Cybersecurity firm Check Point Software Technologies, based in Tel Aviv, confirmed the incident through its chief of staff Gil Messing, who characterized the hack as resulting in "anti-Israeli, pro-Hamas footage." Messing noted this occurred amid increased cyber activity following the outbreak of the Israel-Hamas conflict on October 7, though he described the billboard compromise as "very marginal" compared to broader threat patterns. Check Point's monitoring indicated most conflict-related cyber incidents involved website defacements or short-duration distributed denial-of-service (DDoS) attacks rather than physical system breaches. The company had observed over 40 groups threatening or attempting cyberattacks across various platforms including Telegram and dark web forums, with some threats targeting critical infrastructure like Mekorot, Israel's national water utility. These groups primarily sought to instill fear rather than cause substantial operational damage according to analysts.
A more severe cyber incident occurred on October 9 when attackers claiming Jordanian affiliation breached Ono Academic College near Tel Aviv, exfiltrating and publishing approximately 250,000 personal records on Telegram. The leaked data included sensitive information from current and former students, faculty, and staff. The college disabled its IT systems following the breach and initiated an investigation with assistance from Israel's National Cyber Directorate and privacy regulators. In an official statement, the institution confirmed the data leakage and projected full system restoration within several days. Check Point assessed this as the most significant cyberattack in Israel during that week, with Messing explicitly labeling it "a significant attack." The breach compelled widespread system outages affecting institutional operations while exposing personal data across public channels. Both incidents exemplified heightened cyber threat activity during the early stages of the Israel-Hamas conflict, though impacts ranged from temporary visual propaganda displays to substantial data compromise requiring institutional shutdowns and regulatory intervention.