Cyber Incident Victim: The Jewish Community of China
Date:
Apr 2015
Location:
Israel
Summary
A cyber operation attributed to collectives including Anonymous, AnonGhost, and affiliated groups compromised approximately 700 Israeli websites, leaking extensive personal and financial data. The attackers exfiltrated over 2,000 PayPal credentials, 7,000 email-password pairs, and sensitive details—including names, addresses, and phone numbers—of 150,000 citizens, alongside modem login credentials for 6,000 devices. Targeted entities spanned government, academic, and commercial sectors, with defacements and data dumps publicly documented. Analysis confirmed the legitimacy of breached data, sourced from prominent local portals. The campaign was part of a coordinated effort with planned continuation over subsequent weeks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
The OpIsrael cyber campaign commenced in early April 2015 as multiple hacking collectives executed coordinated attacks against Israeli digital infrastructure. Anonymous-affiliated groups including Anonymous Arab, AnonGhost, and Anonymous Arabe breached approximately 700 websites, with high-profile targets including the Jerusalem Center For Public Affairs, Honda Israel's online presence, and academic institutions like Technion. Attackers simultaneously leaked massive datasets containing Israeli citizens' sensitive information through Pastebin and Ghostbin platforms. Anonymous Arab claimed responsibility for compromising 2,143 PayPal account credentials, while AnonGhost released over 7,000 email-password combinations. The most extensive breach came from Anonymous Arabe, which published personal records of 150,000 Israeli citizens containing full names, physical addresses, email contacts, and telephone numbers. Technical infrastructure vulnerabilities were exploited as evidenced by the leak of modem login credentials for 6,000 Israeli internet modems. Forensic analysis confirmed the legitimacy of multiple datasets, tracing origins to compromised Israeli web portals including area.co.il and walla.co.il.
The attackers announced sustained operations through April 20, 2015, maintaining a public list of defaced websites on Pastebin that served as both tactical documentation and psychological warfare. The campaign's technical impact manifested through three primary vectors: financial compromise via PayPal credential exposure, operational disruption through critical website defacements, and long-term identity theft risks from the mass personal data leak. While no mitigation efforts or organizational responses were documented in available sources, the operational scale suggested significant incident response challenges. The cumulative effect included exposure of payment systems, telecommunications infrastructure, government-affiliated platforms, and private sector entities across multiple industries. Attackers structured leaks into categorized repositories, with PayPal credentials at pastebin.com/dLGZA3rF, email credentials at pastebin.com/Cc0bV0w2, and the comprehensive citizen database at pastebin.com/SqjFw9PW, creating persistent data exposure risks beyond the immediate attack period.