Cyber Incident Victim: Mass Transit System Ltd

On or around July 4, 2022, Iranian state-affiliated media outlet Fars News Agency reported a cyberattack targeting operating systems and servers of a company involved in constructing the Tel Aviv metro system. The attack occurred amid ongoing political debates in Israel regarding the metro infrastructure project. Palestinian militant group Sabareen claimed responsibility for the intrusion through a message on its Telegram channel. Fars News Agency initially framed the incident as a direct attack on the Tel Aviv Metro itself but later clarified the breach impacted one of its construction contractors. The Jerusalem Post cast doubt on the authenticity of the reports, suggesting Iran might be disseminating propaganda by amplifying unverified claims through media channels.

This incident followed an earlier cyberattack in late June 2022 attributed to Iraqi hacker group Al-Tahera, which reportedly targeted Israeli government websites and servers according to Fars. Sabareen’s Telegram statement also referenced Al-Tahera’s activities, alleging the group separately attacked an Israeli digital intelligence agency. No technical details about attack vectors, data exfiltration, or operational disruptions to the metro project were disclosed in available reports. Similarly, no statements from the affected company or Israeli authorities regarding incident response, containment measures, or forensic investigations were documented. The limited public information centered on conflicting claims between Iranian-aligned media and Israeli skepticism about the attack’s scope and origins.