Date:

Feb 2023

Location:

Israel

Summary

The group DarkBit carried out a ransomware attack on a prominent Israeli technology university, demanding 80 bitcoins and threatening a 30% increase if the ransom was not paid within 48 hours. Operational disruptions led to postponed exams and altered classroom protocols requiring handwritten notes or disconnected devices, impacting digitized services at the tech-focused institution. Israel's National Cyber Directorate assisted in assessing consequences but faced jurisdictional limitations, as higher education institutions fall outside the mandatory cybersecurity standards applicable to critical infrastructure. The group's ideological rhetoric opposing Israel suggested potential non-financial motives, though criminal objectives could not be ruled out. The incident highlighted persistent targeting of academic entities, with 53 serious cyberattacks recorded against the sector in the preceding year.


Description

On February 12, 2023, Technion – Israel Institute of Technology, a leading institution in cybersecurity education, was targeted by a ransomware attack attributed to a newly emerged group identifying itself as DarkBit. The attackers demanded 80 Bitcoins (equivalent to approximately six million Israeli shekels) to halt the attack, threatening to increase the ransom by 30% if payment wasn’t received within 48 hours. DarkBit framed their motivations partly through ideological opposition to Israel, referencing "apartheid" in their communications, though authorities speculated this could also serve as a diversionary tactic to obscure purely financial objectives. The attack disrupted university operations, forcing the postponement of all exams pending resolution of the incident. Technion advised students and staff to continue classes using handwritten notes or laptops disconnected from the university network to mitigate further compromise, though the institution’s heavy reliance on technology cast uncertainty on the practicality of maintaining normal academic activities.

The Israel National Cyber Directorate (INCD) immediately engaged with Technion to assess the incident’s scope and assist with containment and recovery. While investigating the breach, the INCD noted higher education institutions were frequent targets, citing 53 serious cyber incidents in the sector during 2022, most of which were thwarted. Despite this, the INCD’s ability to enforce cybersecurity standards remained limited under Israeli law, which classified universities outside "critical infrastructure"—a designation reserving binding directives for entities like power and water utilities. The directorate could only provide recommendations to academic institutions, having conducted prior awareness meetings with higher education officials to bolster defenses. No specific vulnerability enabling the breach was publicly identified, and the incident underscored operational challenges for a technology-centric university adapting to abrupt losses in digital functionality.