Cyber Incident Victim: Israeli CCTV cameras
Date:
Dec 2022
Location:
Israel
Summary
An Iranian hacking group known as Moses Staff compromised dozens of Israeli CCTV cameras, gaining prolonged control over devices near sensitive sites including a defense contractor facility in Haifa and across major cities. The attackers published previously unseen footage from civilian cameras, capturing areas such as an arms facility and the aftermath of a terror attack, while claiming continuous surveillance operations and intent to strike unexpectedly. Security authorities acknowledged awareness of the intrusions but did not intervene, asserting the breached cameras were not linked to critical security infrastructure despite evidence of monitoring targeting senior officials.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late 2021, the Iranian-linked threat group Moses Staff compromised dozens of Israeli CCTV cameras, gaining prolonged operational control over these devices. The group publicly demonstrated this access by publishing footage on its Telegram channel, including surveillance recordings from the vicinity of Rafael Advanced Defense Systems’ facility in Haifa and urban areas across Jerusalem and Tel Aviv. Among the leaked materials was previously unseen video of a November terror attack in Jerusalem, captured by cameras operated by a major Israeli security organization. Moses Staff claimed responsibility for hacking security cameras, asserting they had conducted surveillance operations within Israel for years and threatened future attacks at unexpected times. Security officials later confirmed the compromised devices were civilian cameras not integrated with critical security infrastructure, though the group’s published footage included sensitive locations like an arms facility. The hack remained active for an extended period despite authorities’ awareness of the intrusion, with no defensive actions taken to disrupt the group’s access during this phase.
Israeli security agencies acknowledged the breach after Moses Staff’s Telegram releases but emphasized the cameras’ non-critical nature, stating they belonged to civilian systems rather than secured government networks. The full investigative report detailed the group’s surveillance methods, including targeting senior officials through camera compromises. While officials downplayed the incident’s strategic impact due to the civilian classification of affected devices, the published footage demonstrated access to sensitive sites like defense contractor perimeters and security organization assets. Moses Staff’s operational timeline revealed persistent access, with the group maintaining control over cameras during and after the November 2021 terror incident. No containment measures or technical counteractions by Israeli authorities were disclosed in response to the ongoing compromise.