Thursday, December 5, 2024
HomeCyber AttackIran Launched A Major Cyberattack Against Critical Infrastructure In Israel

Iran Launched A Major Cyberattack Against Critical Infrastructure In Israel

Published on

SIEM as a Service

Over the weekend, Iran launched missile and drone attacks on Israel, retaliating for a suspected Israeli strike on its Damascus consulate that killed 13 people last week.

This escalation arises from the ongoing Israel-Iran rivalry and Israel-Palestine conflict. 

Cyber activities predated the attacks by nearly a year, starting in late March when hacktivist groups announced digital offensives against both sides following Hamas’ large-scale offensive from Gaza towards Israel in October 2023 amid intensified Israeli-Palestinian tensions. 

- Advertisement - SIEM as a Service

The tit-for-tat violence between Israel and Iranian proxies like Hamas shows no signs of decreasing.

SOCRadar observed cyber activities preceding and paralleling the physical Israel-Hamas conflict that began last year. 

Once again this week, cyber offensives foreshadowed the missile and drone attacks exchanged between Israel and Iran, demonstrating how cyber warfare often preludes and accompanies kinetic military operations.

Iran’s Attack On Israel

The cyber defense chief Gaby Portnoy of Israel indicated that the cyberattacks targeting Israel tripled since the conflict with Hamas began on October 7, driven by increased involvement from Iran, Hezbollah, and allied hackers.

Document
Stop Advanced Phishing Attack With AI

AI-Powered Protection for Business Email Security

Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .

While attack volumes were highest in the conflict’s initial months before tapering, certain days and events saw major spikes in activity. 

Recent weeks have witnessed an uptick in hacktivism by groups like OpIsrael and FreePalestine, reflecting the ebbs and flows of cyber offensives paralleling kinetic clashes.

Self-claiming Hezbollah-affiliated hacker groups on Telegram carry out various cyber attacks (Source – SOCRadar)

A threat on Telegram urged hackers to target Israel during Jewish holidays, citing symbolism in Israeli actions.

Various groups seized on holidays and conflict dates as opportunities for coordinated cyber attacks, SOCRadar said.

While many hacktivists merely signal impending events, wittingly or not, some groups like IRGC-linked, Hezbollah-backed, Iranian APTs, and Houthi hackers had more substantive cyber impacts during the Israel-Hamas conflict. 

The allegedly state-sponsored Cyber Toufan/Cyber Toufan Al-Aqsa conducted major operations and coordinated other groups to hit similar targets simultaneously. 

After a long break, their activity resurged in early April, potentially foreshadowing the latest Israel-Iran cyber/kinetic escalation.

Wake up call of Cyber Toufan Al-Aqsa (Source – SOCRadar)

During the Israel-Hamas conflict, a group called Cyber Toufan Al-Aqsa, allegedly sponsored by the state carried out major operations in which it mobilized other groups to hit the same targets simultaneously.

In the start of April this year, they came back after going silent for some time.

In late March, however, IRGC-linked Cyber attackers, popular for attacking OT systems and exposed before they were sanctioned again, reappeared, telling people about an upcoming “big” thing.

They consequently took credit for a huge cyber-attack as payback for Iran’s strikes on Israel.

Handala’s alleged hack of Israeli radar systems (Source – SOCRadar)

Cyber Av3ngers claimed responsibility for cutting electricity across “occupied territories” from south to north in retaliation for Israeli actions in Gaza. 

However, besides this, the widening scope to strike overflow targets like Saudi Arabia demonstrates how easily hacktivism can expand cyber confrontations.

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

One Identity Named Winner of the Coveted Top InfoSec Innovator Awards for 2024

One Identity named Hot Company: Privileged Access Management (PAM) in 12th Cyber Defense Magazine’s...

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Deloitte Hacked – Brain Cipher Group Claim to Have Stolen 1 TB of Data

Brain Cipher has claimed to have breached Deloitte UK and exfiltrated over 1 terabyte...

UK Healthcare Provider Hit by Cyberattack, Services Affected

Wirral University Teaching Hospital in the UK has been hit by a targeted cyberattack,...

SMOKEDHAM Backdoor Mimic As Legitimate Tools Leveraging Google Drive & Dropbox

UNC2465, a financially motivated threat actor, leverages the SMOKEDHAM backdoor to gain initial access...