Cyber Incident Victim: Maariv
Date:
Jan 2022
Location:
Israel
Summary
Pro-Iranian hackers targeted Israeli media outlets, defacing a major newspaper's website and hijacking another's Twitter account with threatening messages in English and Hebrew accompanied by imagery of an exploding nuclear facility and a fist wearing a red-stone ring. The attack, which caused temporary disruption to digital services, coincided with the anniversary of a prominent Iranian military commander's death and was assessed by experts as a psychological influence operation aimed at impacting nuclear negotiations. Cybersecurity analysts characterized the incident as a shallow but perceptually impactful attack, emphasizing its alignment with ongoing cyber campaigns below the threshold of warfare while highlighting broader concerns about critical infrastructure vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On January 3, 2022, at approximately 2:00 AM Israel time, the Jerusalem Post’s website was compromised by hackers who replaced its homepage with an image depicting a model of Israel’s Dimona nuclear facility being destroyed. Accompanying text in English and Hebrew stated, “We are close to you where you do not think about it.” Concurrently, the Twitter account of Israeli newspaper Maariv was hijacked, displaying a similar graphic of a fist wearing a ring with a red stone firing a shell toward an exploding dome, alongside identical threatening text. The attacks coincided with the second anniversary of the U.S. drone strike that killed Iranian General Qasem Soleimani, whose public appearances often featured a ring resembling the one depicted in the hack. Jerusalem Post’s website remained inaccessible for several hours, while Maariv regained control of its Twitter account by noon that day, deleting the unauthorized post. No data theft or persistent system damage was reported, though both outlets experienced temporary disruption to their digital platforms.
Former IDF cyber chief Brig.-Gen. (res.) Yaron Rosen characterized the incident as a perception-oriented influence operation linked to Iran’s strategic objectives during nuclear negotiations in Vienna. He emphasized the psychological intent of the defacement, noting its limited technical sophistication and absence of critical infrastructure impact. Rosen assessed that media outlets were targeted due to their role in shaping public opinion within Israel’s small media landscape, amplifying the symbolic effect. The attack’s timing leveraged heightened geopolitical tensions, though Rosen clarified that such cyber operations remain below the threshold of conventional warfare. Restoration efforts focused on regaining platform control without disclosed technical countermeasures. Rosen warned of escalating cyber threats against critical infrastructure and businesses, urging collaborative defense between private entities and government agencies like Israel’s National Cyber Directorate. The incident underscored ongoing adversarial cyber activities between nation-states, with media platforms serving as visible but operationally shallow targets for psychological disruption.