Cyber Incident Victim: Israel Water Authority
Date:
Apr 2020
Location:
Israel
Summary
An attempted cyberattack targeting Israeli water utilities was linked to Iran by foreign intelligence officials, aiming to disrupt water supplies in at least two locations during the country's efforts to contain a COVID-19 outbreak. The attack was detected and thwarted before causing operational damage, but authorities assessed it as a potential escalation in hostilities, reflecting increased boldness by the perpetrator in targeting critical infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late April 2020, foreign intelligence officials attributed an attempted cyberattack on Israeli water utilities to Iran. The incident occurred over two days—April 24 and 25—targeting water supply systems in at least two Israeli locations. Authorities assessed the operation aimed to disrupt critical water infrastructure while Israel was managing its COVID-19 pandemic response. The attackers sought to compromise operational technology controlling water distribution networks, though specific intrusion methods weren’t disclosed in available reporting. No service interruptions or infrastructure damage resulted from the attempt, as defensive measures prevented adversarial access to critical control systems. The timing coincided with heightened regional tensions and public health challenges, though intelligence officials didn’t specify whether pandemic conditions directly influenced target selection.
Israeli cybersecurity personnel detected the intrusion attempts in real time and implemented immediate containment protocols. Technical countermeasures neutralized the attack vectors before attackers achieved operational objectives, with no reported lateral movement within water authority networks. Post-incident forensic analysis confirmed Iranian state-sponsored involvement through digital signatures and infrastructure overlaps with known threat groups. The Water Authority maintained normal operations throughout and after the incident without implementing public advisories. Israeli officials characterized the event as a significant escalation in Iranian cyber aggression against civilian critical infrastructure. They noted the incident demonstrated improved defensive capabilities but raised concerns about future attacks against water, power, and healthcare systems during national emergencies.