Cyber Incident Victim: University of Haifa
Date: Apr 2023
Location: Israel
Summary
A cyberattack targeted the University of Haifa and several other major Israeli universities, causing their websites to be unavailable for several hours. The incident was claimed by the hacker group "Anonymous Sudan" as part of a broader DDoS campaign against Israeli infrastructure. The attack was intended to disrupt services, but did not involve a penetration of internal systems or data theft. The websites were restored to normal operation after the incident.
Description
On the afternoon of April 4, 2023, a coordinated series of cyberattacks targeted multiple Israeli academic institutions and a major cybersecurity company. The hacker group "Anonymous Sudan" claimed responsibility for these actions through a statement published on its Telegram channel. The group described the attacks as retaliation against the Israeli education sector, citing actions in Palestine. The attacks were part of a broader campaign known as OPIsrael, in which activists coordinate to target Israeli internet infrastructure.

The initial wave of attacks focused on the websites of several major universities. The impacted institutions included Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, the Weizmann Institute of Science, the Open University of Israel, and Reichman University. These websites were rendered unavailable for browsing and remained down for a period of several hours. The nature of the attack was a Distributed Denial of Service (DDoS), which functions by overwhelming a target website with a massive volume of requests, making it inaccessible to legitimate users.

Later that same afternoon, the attack expanded to include Check Point Software Technologies Ltd., one of Israel's largest cybersecurity firms. The company's website was briefly taken down by the same threat actor. However, the disruption to Check Point's online presence was short-lived. After only a few minutes, the website returned to normal operation. A spokesperson for Check Point confirmed the incident, stating that all of the company's sites were functioning well despite the large-scale attack. The spokesperson emphasized that the company's website was protected against DDoS attacks at a high level and described it as one of the strongest websites globally.

According to the technical assessment provided by Check Point, the hackers used a huge number of requests to momentarily affect the ability of users to reach the site. The company's defensive protections were credited with mitigating the attack quickly, ensuring the site resumed normal operation without sustaining damage. The hacker group itself published a list of the sites it attacked and indicated that the events of April 4th were not its main effort. The group announced that a more significant attack was planned for April 7th, though the nature of this future attack was not specified. It was also reported that the group briefly targeted websites associated with several medical centers, including Rambam Hospital in Haifa. The hospital, however, publicly denied that it had been attacked.

Cybersecurity experts characterized the incident as a set of service-preventing attacks. These types of attacks are designed solely to bring down websites and disrupt public access rather than to penetrate systems to steal information or data. Consequently, recovery from such an attack is considered relatively straightforward compared to more intrusive breaches. The immediate consequence was the temporary unavailability of critical public-facing websites for multiple educational institutions, potentially disrupting online information access, communication, and services for students, faculty, and the public.

The response from the affected entities varied. Check Point issued a public statement detailing the attack and the effectiveness of their defenses. Other institutional responses were not detailed in the available reporting. The cybersecurity firm provided further context to the media, noting that while these specific attacks were primarily disruptive, it can be assumed that such groups often aim to produce more significant attacks in the future. These could include ransomware attacks or operations focused on data theft, indicating a potential escalation in tactics beyond simple website takedowns. The incident served as a visible demonstration of the ongoing OPIsrael campaign and highlighted the persistent threat of DDoS attacks against critical online infrastructure.
