Cyber Incident Victim: Technion Faculty of Civil and Environmental Engineering
Date:
Apr 2015
Location:
Israel
Summary
A cyberattack campaign targeting Israeli entities involved multiple hacking groups compromising hundreds of websites and leaking extensive sensitive data, including PayPal credentials, email accounts, personal information of citizens, and modem login details. The Technion Faculty of Civil and Environmental Engineering was among the affected institutions, with attackers exfiltrating credentials and defacing sites as part of a coordinated operation. Leaked datasets, verified as authentic from Israeli web portals, encompassed thousands of financial records, emails, and personally identifiable information. The groups announced intentions to continue disruptive activities over a multi-week period.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 3 actors | Available to members | Available to members |
Description
In early April 2015, multiple hacking collectives including Anonymous Arab, AnonGhost, and Anonymous Arabe launched coordinated cyberattacks against Israeli digital infrastructure under the OpIsrael campaign. The attacks commenced with the compromise of approximately 700 websites, including government and business entities such as the Jerusalem Center For Public Affairs, Honda Israel, and institutions affiliated with Technion – Israel Institute of Technology. Attackers exfiltrated and publicly leaked thousands of credentials through Pastebin, with Anonymous Arab releasing 2,143 Israeli PayPal account credentials and AnonGhost disclosing over 7,000 email-password combinations. Concurrently, Anonymous Arabe disseminated a larger dataset containing personal information of 150,000 Israeli citizens, including full names, physical addresses, email addresses, and phone numbers. Technical infrastructure was further compromised through the leak of modem login credentials for 6,000 Israeli modems. Analysis of the leaked data confirmed its authenticity, with compromised records originating from Israeli web portals including area.co.il and walla.co.il.
The operational scale expanded as attackers systematically defaced additional websites, maintaining a running list of compromised domains on Pastebin and Ghostbin through April 20, 2015. Technion institutions were explicitly named among the impacted entities, though the specific compromise vector for Technion Faculty of Civil and Environmental Engineering systems was not detailed in available disclosures. The cumulative impact involved mass credential exposure across financial (PayPal), communication (email), and telecommunications (modem access) systems, compounded by the bulk theft of citizen personally identifiable information. No remediation efforts or organizational responses from affected entities were documented in the available reporting. Attackers maintained persistent operational capabilities throughout the campaign period, continuing data dumps and website defacements as part of their stated anti-Israel objectives.