Cyber Incident Victim: Reichman University
Date:
Apr 2023
Location:
Israel
Summary
A cyberattack by the group 'Anonymous Sudan' targeted Reichman University's website, causing it to become unavailable for browsing as part of a larger DDoS campaign against the Israeli education sector. The incident, which also briefly impacted a major cybersecurity firm, was claimed to be retaliation and part of a broader OPIsrael operation. The attack was characterized as a service-disrupting event that did not involve data theft, with normal operations resuming after several hours.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On the morning of April 4, 2023, a hacker group identifying itself as "Anonymous Sudan" initiated a series of cyberattacks targeting the online infrastructure of multiple major Israeli universities. The distributed denial-of-service (DDoS) attacks rendered the official websites of these institutions unavailable for browsing. The affected universities included Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, the Weizmann Institute of Science, the Open University of Israel, and Reichman University. The websites remained down and inaccessible for several hours as a result of the attack traffic. The group publicly claimed responsibility for these actions on its Telegram channel, listing the targeted sites and stating the motivation for the attack was related to the Israeli education sector's actions in Palestine.
Later that same afternoon, the same threat actor shifted its focus to one of Israel's largest cybersecurity companies, Check Point. The group launched a large-scale DDoS attack against Check Point's public-facing website. The attack involved generating a huge volume of requests in an attempt to overwhelm the site's infrastructure and disrupt access for legitimate users. For a brief period, the website was taken down and became unavailable. However, the disruption was short-lived. After a few minutes, the website returned to normal operational status. The company's spokesperson confirmed the event, stating that all of the company's sites were functioning well despite the large-scale attack directed at them.
Check Point's response to the incident was detailed in a public statement. The company characterized its website as being protected against DDoS attacks at the highest level and described it as one of the strongest websites in the world. The statement attributed the brief disruption to the immense volume of requests used by the hackers, which affected the ability to reach the site for a few minutes. The company credited its existing protective measures for ensuring the site quickly resumed normal operation and emphasized that the site was not damaged by the attack. The company's infrastructure successfully mitigated the incoming malicious traffic.
Concurrently, the hacker group Anonymous Sudan published further statements on its Telegram account. The group declared that the attacks on the universities and Check Point were not its main operation, suggesting a more significant attack was planned for April 7, 2023. It was reported that the group also briefly targeted websites associated with several Israeli medical centers, including Rambam Hospital in Haifa. However, the hospital subsequently denied that it had been successfully attacked or that its systems were penetrated.
The incident was identified as being part of a broader campaign known as OPIsrael, where activist groups coordinate attacks against Israeli internet targets. According to cybersecurity firm Check Point, the attacks conducted on April 4 were specifically service-preventing attacks, a type of DDoS attack designed to bring down websites without stealing information. The company noted that recovery from such attacks is relatively straightforward. However, Check Point also provided context to Israeli media, suggesting that groups involved in these campaigns often attempt to escalate their activities to produce more significant impacts, including ransomware attacks and data theft operations. The extent to which the attacks penetrated the internal systems of the targeted universities was not immediately clear from the available public statements.
The primary impact of the incident was the temporary loss of availability for the public websites of seven major Israeli universities, including Reichman University, for a period of several hours. This disruption likely affected prospective students, current students, faculty, and staff attempting to access information and online resources. The secondary impact was the very brief interruption of service for Check Point's website, which was restored within minutes due to robust defensive measures. The attacks were claimed to be politically motivated, with the threat actor citing the Israeli-Palestinian conflict as the central reason for targeting the education sector. The overall consequence was a demonstration of vulnerability to basic DDoS attacks, though the defensive response from a critical private sector entity proved effective.