Cyber Incident Victim: The Jerusalem Post
Date:
Jan 2022
Location:
Israel
Summary
Pro-Iranian hackers targeted Israeli media outlets, defacing The Jerusalem Post's website and hijacking a sister publication's Twitter account with threatening messages in English and Hebrew accompanied by imagery of a destroyed nuclear facility and a fist firing a shell from a ring resembling one worn by slain Iranian commander Qasem Soleimani. The attack, described as a perception-oriented influence operation linked to ongoing nuclear negotiations, caused temporary disruption to website access but was characterized as a shallow psychological act rather than a critical infrastructure breach. Former cybersecurity officials suggested the incident reflected broader cyber conflict trends below the threshold of open warfare, with media platforms serving as symbolic targets to amplify geopolitical messaging.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 3, 2022, at approximately 2:00 AM Israel time, the website of The Jerusalem Post was compromised by hackers who replaced its homepage with an image depicting a model of Israel’s Dimona nuclear facility being destroyed. The defacement included a bilingual message in English and Hebrew stating, “We are close to you where you do not think about it.” Simultaneously, the Twitter account of Maariv, a Hebrew-language newspaper, was hijacked and displayed similar imagery—a fist firing a shell from a ring with a red stone toward an exploded dome, accompanied by the same threatening text. The attack coincided with the second anniversary of the US drone strike that killed Iranian General Qasem Soleimani, a detail reinforced by the ring imagery, which aligned with Soleimani’s known accessories. The Jerusalem Post’s website remained inaccessible for several hours, while Maariv deleted the unauthorized tweet and had not resumed normal Twitter activity by noon that day.
Former IDF cyber chief Brig.-Gen. (res.) Yaron Rosen characterized the incident as a “perception-oriented” influence operation timed to impact nuclear negotiations in Vienna, dismissing the Soleimani references as a secondary theme to Iran’s broader strategic goals. He described the attack as “shallow,” causing temporary disruption and psychological impact but no lasting infrastructure damage. Rosen noted that media outlets like The Jerusalem Post and Maariv were targeted due to their visibility within Israel’s small media landscape, making them effective platforms for such operations. He contrasted this with higher-risk threats to critical infrastructure, citing a late-2021 cyberattack on an Israeli hospital as an example of more severe targeting. While no explicit attribution was confirmed, Rosen contextualized the incident within ongoing cyber activities between Iran and Israel, emphasizing that such operations remain below the threshold of open warfare. The Jerusalem Post restored its website functionality within hours, and no additional technical impacts or data breaches were reported.