Cyber Incident Victim: Gold Bond Group Ltd.
Date:
Jan 2022
Location:
Israel
Summary
A cyber attack targeted a logistics and port terminal operator, leading to the shutdown of most computer systems and significant operational disruption. The hacktivist group "Hackers of Saviors," linked to Palestinian causes, claimed responsibility and leaked security camera footage and internal system images, suggesting deep network access. Experts estimated recovery could take weeks due to the complexity of restoring interconnected logistics systems, conducting forensic analysis, and managing regulatory responses. The incident highlighted vulnerabilities in non-state-protected critical infrastructure, as the company fell outside mandatory cybersecurity oversight despite its role in port operations. Operational impacts included halted container movements and reliance on manual processes during the outage.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around January 31, 2022, Gold Bond Group Ltd., operator of cargo terminals and a robotic logistics center at Israel’s Ashdod port, experienced a cyber attack that forced the shutdown of most computer systems. The company did not publicly disclose the attack’s initial detection method but confirmed operational disruptions. Hackers identifying as "Hackers of Saviors," a pro-Palestinian hacktivist group, claimed responsibility and published photographs allegedly extracted from Gold Bond’s security cameras and internal computer systems. These leaks suggested broader network access than acknowledged by the company, which had not cited cyber threats as a risk factor in its annual report. The attackers’ Telegram channel disseminated propaganda aligning with their stated political motives, though cybersecurity researchers could not independently verify Iranian government ties attributed to the group.
The incident halted container processing at Gold Bond’s terminal due to severed electronic communications with shipping entities, customs, and other ports. Ram Levy, CEO of cybersecurity firm Konfidas, estimated recovery would take weeks given terminals’ reliance on interconnected systems for cargo movement. 10Root co-founder Yossi Sassi corroborated this timeline, noting restoration typically requires 2-3 weeks for system rebuilding, forensic analysis, and public response coordination. Israel’s National Cyber Directorate provided incident response support but clarified Gold Bond lacked critical infrastructure designation, excluding it from state-mandated protections. Check Point researcher Lotem Finkelstein observed the attack’s deviation from prior hacktivist campaigns through its focus on data exfiltration rather than solely disruptive or propaganda objectives. Gold Bond, publicly traded with a market value of approximately $176 million, faced prolonged operational paralysis affecting stakeholders including controlling shareholders the Schmelzer family, Shlomi Fogel, and the Burchard family’s shipping terminals. No ransom demands or data destruction claims were reported in available sources.