Cyber Incident Victim: Maariv

On April 26, 2023, Israeli Independence Day, the websites of major Israeli news outlet Maariv were taken offline. The disruption was the result of a distributed denial-of-service (DDoS) cyberattack. The group known as Anonymous Sudan publicly claimed credit for the attack on their Telegram channel. The group explicitly stated their motivation was to coincide with the national holiday, with a message reading, "Today, we will focus entirely on Israel because of their celebration of the occupation of Palestine." This incident was not an isolated event targeting a single entity but part of a broader campaign against Israeli digital assets on that specific day.

The scope of the attack extended beyond Maariv. Anonymous Sudan also successfully managed to take down the website of the Israel Ports Authority and the official website of the Meretz political party. The group made additional claims regarding other high-profile targets, stating they had also hit the websites of the Health Ministry, Shin Bet (Israel Security Agency), Israel Securities Authority, the Haifa Port, and the news site Walla. However, at the time of reporting, these specific sites remained functional and accessible, indicating the attacks against them were either unsuccessful, mitigated, or not as severe as claimed.

This cyber incident represents a continuation of a pattern of hostile cyber activity by Anonymous Sudan against Israeli targets throughout the month of April 2023. Prior to the Independence Day attack, on April 14, the group had claimed responsibility for a significant cyberattack that impacted the Israel Post and multiple major financial institutions. The list of affected banks included Bank Leumi, Discount Bank, Mizrahi-Tefahot, Bank Mercantile, and Bank Benleumi, which is also known as the First International Bank of Israel. Subsidiaries of Bank Benleumi, namely Bank Otzar Ha-hayal and Bank Massad, were also reported as affected in that earlier attack.

Anonymous Sudan has also demonstrated a specific focus on targeting Israeli media outlets. Prior to the attack on Maariv, the group had successfully launched cyberattacks that took down other prominent Israeli news sites. These included the websites of The Jerusalem Post, which is a sister publication to Maariv, as well as KAN and i24. This pattern indicates a strategic intent to disrupt the flow of information and public access to news sources. Furthermore, at the very start of April, the group claimed to have successfully hit the website of the prominent cybersecurity firm Check Point, as well as the website of the emergency service organization United Hatzalah.

The immediate impact of the DDoS attack on Maariv was the complete unavailability of its website, rendering it inaccessible to readers. This disruption directly impaired the news organization's ability to publish content and serve its audience on a major national holiday. The takedown of the Israel Ports Authority website potentially affected individuals and businesses seeking information or services related to port operations and shipping logistics. Similarly, the attack on the Meretz party's website disrupted its online presence and political communication during a significant national event. The primary consequence was a widespread but temporary disruption to the online services of various Israeli commercial, media, and governmental bodies. The incident was reported as a developing story, with the full extent of the impact and any subsequent response actions from the affected organizations not detailed in the immediate reporting.