Israeli websites defaced, as more offensive cyber activity flares up in Middle East

Following a month of cyberattacks involving Iran and Israel, experts are reluctant to predict all-out digital warfare between the nation states, despite the obvious recent tit for tat that underscores age-old, religion-based tensions.

The latest possible salvo came May 21, when approximately 1,000 corporate and manufacturing targets within Israel were afflicted with defacements and denial of service attacks by “Hackers_Of_Savior,” a hacktivist group.

Recipients of the attack were greeted with anti-Israel and anti-Zionist messaging in Hebrew and a computer-generated video depicting the simulated destruction of various Israeli buildings throughout the country. The attackers also threatened the victims that they’d risk losing their data, saying it would be sold on the dark market if they didn't pay the equivalent of thousands of dollars.

It appears that it was no accident the May 21 attack occurred on Israel’s Jerusalem Day, coinciding with the 53rd anniversary of the Jewish state occupying the capital city that also is mecca to Islam and Christianity.

Multiple news reports have indicated there is no current evidence of that Iran directly carried out the web attacks, despite potential concern that the country might act after a May 11 announcement from Iran’s managing director of its Port and Maritime Organization that a cyberattack by a foreign entity, identified in reports as Israel, damaged private systems at the Shahid Rajaei Port.

This port cyberattack was preceded by an April 24 malware attack that temporarily afflicted but caused no substantial damage to central Israel’s water and sewage facilities in the city of Sharon; in this case, foreign officials, Israeli intelligence and the country’s National Cyber Directorate reportedly laid responsibility with Iran.  

Security firm Radware’s analysis of the latest cyberattacks on Israel said the attackers exploited a WordPress plug-in weakness used by the defaced websites, which were hosted by uPress, whose U.S. office is based in Woodcliff Lake, NJ, with operations also in Israel, Brazil, and the Netherlands. Its Israel operation told clients in a May 22 statement: “This is a deliberate attack of anti-Israel factors.” uPress said client sites’ information is backed up and the hosting company was working with affect sites individually to resume operations.

“Caution should be exercised to avoid attributing them to Israeli or Iranian nation state operators,” Radware stated in its report. However, a reason for concern was that Hackers_of_Savior, which emerged on Facebook in April, called their actions “the first big step” in targeting Israeli infrastructure. Additional threat actors potentially will fan the flames between the two countries “over the coming days,” and may include entities, including al-Quds or OpJerusalem.  

Muslims celebrate Jerusalem as Quds Day at the end of Islam’s month-long prayer and reflection during Ramadan, which ends May 23. The Islamic Republic of Iran initiated Quds Day in 1979 to express support for the Palestinians and oppose Zionism and Israel.

Iran and Israel have tussled in cyberspace since 2010 when Iran nuclear capability was partially destroyed allegedly as the result of the U.S. and Israel in 2010 sending “Stuxnet” malware to the country’s military and civilian infrastructure, widely regarded as the first nation-state attack on infrastructure with the aim of causing real-world damage.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.