Cyber Incident Victim: Bank Leumi
Date:
Apr 2022
Location:
Israel
Summary
A group allegedly linked to Iran claimed to have compromised an Israeli interbank money transfer system, asserting unauthorized access to personal accounts at a major financial institution. The hackers targeted Bank Leumi's infrastructure as part of their stated breach. Israeli cybersecurity authorities and the central bank operating the network refuted these allegations, confirming no evidence of intrusion into banking systems or customer data. The incident prompted official denials but no verified operational disruptions or financial impacts were reported.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On April 25, 2022, a hacker group allegedly linked to Iran publicly claimed to have compromised the Bank of Israel’s financial transfer infrastructure. The attackers asserted they had penetrated the interbank payment network responsible for processing transactions between Israeli financial institutions. They further alleged unauthorized access to individual customer accounts through this breach, implying potential exposure of personal financial data or disruption of banking operations. The group did not provide verifiable evidence to substantiate their claims at the time of the announcement.
Israeli authorities responded swiftly to the allegations. The National Cyber Directorate, Israel’s primary cybersecurity agency, conducted an immediate investigation in coordination with the Bank of Israel, which operates the national interbank settlement system. Both entities issued public statements denying any evidence of a successful intrusion into banking networks or customer accounts. The Bank of Israel confirmed ongoing monitoring of its systems revealed no anomalous activity indicative of unauthorized access or data exfiltration. No financial institutions, including retail banks utilizing the settlement network, reported disruptions or compromises linked to the alleged attack. The absence of corroborating technical evidence or subsequent data leaks led authorities to treat the incident as an unsubstantiated claim. No further operational impacts or containment measures were documented by official sources following the initial assessment.