Cyber Incident Victim: Kingdom of Bahrain
Date:
Nov 2023
Location:
Bahrain
Summary
A cyberattack by the group Al-Toufan temporarily disrupted access to two Bahraini government ministry websites, purportedly in retaliation for the kingdom's stance on the Israel-Hamas conflict. The attackers leaked passport details of American citizens and a Russian diplomat, claiming the breach targeted the ruling family's statements. The government acknowledged the incident but stated operations were unaffected, emphasizing its cybersecurity measures and ongoing restoration efforts. Al-Toufan has previously targeted the nation's digital infrastructure during politically sensitive periods, including elections and anniversaries of domestic unrest. The incident occurred amid Bahrain's diplomatic ties with Israel and its hosting of the U.S. Navy's 5th Fleet, factors contributing to regional tensions.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On November 21, 2023, the websites of Bahrain’s Foreign Ministry and Information Affairs Ministry became temporarily inaccessible following a cyberattack claimed by a group identifying itself as Al-Toufan ("The Flood" in Arabic). The attackers issued an online statement asserting responsibility for disrupting both ministries’ websites, linking the action to Bahrain’s stance on the Israel-Hamas war. The group referenced "abnormal statements" by Bahrain’s Al Khalifa ruling family as motivation, though specifics were not detailed. This coincided with Crown Prince Salman bin Hamad Al Khalifa’s recent public call for a hostage-prisoner exchange between Hamas and Israel during a summit. Alongside the disruption claims, Al-Toufan released scanned passports of American citizens and a senior Russian diplomat stationed in Bahrain, purportedly obtained through the breach. Bahrain’s government confirmed the cyberattacks in a statement to The Associated Press, noting multiple government agency websites were targeted but emphasizing that operations remained unaffected. Authorities activated their preexisting cybersecurity strategy to contain the incident, with restoration efforts underway to reinstate access to the compromised sites.
This incident aligns with Al-Toufan’s prior activities, including a February 2023 attack that disrupted Bahrain International Airport’s website, the state news agency, and the chamber of commerce, timed to the 12-year anniversary of the Arab Spring uprising in Bahrain. The group also targeted government websites during the 2022 elections, which opposition groups boycotted. Bahrain’s 2020 diplomatic normalization with Israel, conducted alongside the UAE, and its hosting of the U.S. Navy’s 5th Fleet have drawn sustained criticism from Iran, a regional adversary. The government’s response highlighted its reliance on established cybersecurity protocols to mitigate operational impacts, though the breach exposed sensitive foreign national data and temporarily impaired public access to key ministerial services. No further technical details about the attack vectors or data exfiltration scope were disclosed by authorities.