Cyber Incident Victim: Hebrew University of Jerusalem
Date: Apr 2023
Location: Israel
Summary
A cyberattack attributed to the group Anonymous Sudan targeted the Hebrew University of Jerusalem, among several other major Israeli universities and a cybersecurity firm. The incident involved a large-scale DDoS attack that rendered the institution's website unavailable for browsing for several hours. The group claimed the attack was retribution for actions in Palestine and stated this was a precursor to a larger planned attack. Service was restored after the attack subsided.
Description
On April 4, 2023, a coordinated cyberattack targeted multiple Israeli academic institutions and a major cybersecurity company. The attack was carried out by a group identifying itself as "Anonymous Sudan," which claimed responsibility for the incidents through statements published on its Telegram channel. The group's stated motivation was a response to actions in Palestine, as indicated by their message: "Infrastructure: Universities - Israel education sector has been dropped Because [sic] of what they did in Palestine." This campaign was part of a broader activist effort known as OPIsrael, which involves attempts to attack targets across the Israeli internet.

The incident began with attacks on the websites of several major universities in Israel. The affected institutions included Tel Aviv University, the Hebrew University of Jerusalem, Ben-Gurion University of the Negev, Haifa University, Weizmann Institute of Science, Open University of Israel, and Reichman University. The primary impact was the unavailability of these universities' websites for browsing. The attacks rendered the sites inaccessible to users for a period of several hours, disrupting public access to information and online services provided by these educational entities. The method of attack employed was a Distributed Denial of Service (DDoS), which functions by overwhelming a target website with a massive volume of requests from multiple sources, thereby exhausting its resources and making it unable to respond to legitimate traffic.
Following the attacks on the academic sector, the same group targeted Check Point, one of Israel's largest cybersecurity companies. The attack on Check Point's website occurred on the afternoon of April 4th. The company confirmed it was subjected to a large-scale DDoS attack. However, the impact on Check Point was brief. Their website was taken down initially but returned to normal operation after a short while. A spokesperson for Check Point stated that all their sites were functioning well despite the attack and emphasized that the company's website was protected against DDoS attacks at what they described as the highest level, calling it one of the strongest websites in the world. The spokesperson explained that the hackers used a huge number of requests to affect the ability to reach the site for a few minutes, but due to their protections, the site was not damaged and resumed usual operation.
In addition to the universities and Check Point, the Anonymous Sudan group also claimed to have briefly attacked websites associated with several medical centers, including Rambam Hospital in Haifa. However, the hospital itself denied that any such attack had occurred, creating a discrepancy between the attacker's claims and the victim's reported experience.
The attacker group provided a statement outlining their actions and future intentions. They published a list of the sites they attacked on their Telegram account. Furthermore, they indicated that the attacks carried out on April 4th were not their main effort, warning that a larger, more significant attack was planned for April 7th. It was not clear from the available reports whether any of the attacks managed to penetrate beyond the public-facing websites and into the internal systems of the targeted institutions. The nature of the incidents, as described by cybersecurity firm Check Point, was that of "service-preventing attacks" that only bring down websites and do not involve the theft of information. Such attacks are generally considered relatively easy to recover from compared to more intrusive breaches.
The response from the affected entities varied. The universities experienced several hours of downtime before their websites gradually became available again. Check Point's response was characterized by robust defensive measures that quickly mitigated the attack against their infrastructure. The company's public statement served to confirm the event while also demonstrating the effectiveness of their protections. From a broader cybersecurity perspective, Check Point provided analysis on the incident, noting that while these particular attacks were of the DDoS variety, it can be assumed that such groups are also attempting to produce more significant attacks, including those involving ransom and data theft. The overall consequences of the incident included temporary disruption to the online presence of leading Israeli universities and a brief interruption to a prominent cybersecurity firm's website, but no long-term damage or data compromise was reported. The attacks highlighted the ongoing cyber threat landscape where activist groups target critical sectors like education and healthcare for ideological reasons, employing easily accessible attack methods to achieve publicity and cause temporary disruption.
