Date: Apr 2023

Location: Israel

Summary

A cyberattack by the group 'Anonymous Sudan' targeted the Technion Center for Structural Biology as part of a broader campaign against Israeli universities and institutions. The incident involved a distributed denial-of-service (DDoS) attack that briefly disrupted website availability. The group claimed the attack was retribution for actions in Palestine and stated this was a precursor to a larger planned attack. The victim's website was restored to normal operation shortly after the disruption.


Description

On the afternoon of April 4, 2023, a hacker group identifying itself as "Anonymous Sudan" initiated a series of cyberattacks against Israeli online infrastructure. The initial wave of these attacks targeted the websites of multiple major academic institutions across Israel. The affected universities included Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, the Weizmann Institute of Science, the Open University of Israel, and Reichman University. These websites were rendered unavailable for browsing and remained down for a period of several hours as a direct result of the attack. The group publicly claimed responsibility for these actions on its Telegram channel, publishing a list of the sites it had attacked. In its statement, the group provided a justification for the attack, writing, "Infrastructure: Universities - Israel education sector has been dropped Because of what they did in Palestine."

Later that same afternoon, the attack expanded to include one of Israel's largest cybersecurity companies, Check Point. The website of Check Point was taken down by the same group. The incident, however, was brief. After a short while, the Check Point website appeared to return to normal operation. A spokesperson for Check Point provided a statement addressing the event, confirming that the company's sites had been subjected to a large-scale attack but were all functioning well. The spokesperson characterized the attack as a Distributed Denial of Service (DDoS) incident, noting that the hackers had employed a huge volume of requests to briefly affect the ability of users to reach the site. The statement emphasized the defensive measures in place, describing the company's website as protected at the highest level and "one of the strongest websites in the world." The company credited these protections for the site's rapid return to normal operation and stated that it was not damaged by the attack.

Beyond the education and cybersecurity sectors, the attacks also briefly touched the healthcare sector. According to reports from Check Point, the Anonymous Sudan group also launched attacks against websites related to several medical centers. This included an attack targeting the website of Rambam Hospital in Haifa. The hospital, however, subsequently denied that any such attack had successfully impacted its systems or operations.

These incidents formed part of a coordinated campaign identified as OPIsrael, in which activist groups attempt to target Israeli internet assets. The hacker group itself indicated that the attacks carried out on April 4th were not its primary effort. In its Telegram statement, the group added that its main attack was scheduled to occur three days later, on April 7th. It was not clear from the available reports whether any of the attacks on the university websites managed to penetrate beyond the public-facing sites and into the institutions' internal systems.

Cybersecurity firm Check Point identified the attacks as denial-of-service attacks, specifically DDoS attacks. These types of attacks are designed to overwhelm a website with traffic, rendering it inaccessible to legitimate users. Check Point told media that such attacks typically only bring down websites and do not involve the theft of information, and that recovery from them can be achieved relatively easily when compared to other forms of cyber intrusion. However, the firm also provided analysis suggesting that groups involved in these campaigns may be attempting to develop capabilities for more significant and damaging attacks in the future, including those involving ransomware and actual data theft. The impact of the incident was widespread but temporary for most targets, with many of the attacked sites becoming available again within hours of the initial disruption. The primary consequence was a temporary loss of access to public-facing websites for students, staff, and the public attempting to reach the online resources of the affected universities and the Check Point company.