FRESH AIR

No increased Iranian cyberthreat to Israel

May 3, 2023 | Oved Lobel

Cyber

Despite worries of increased cooperation between Russia and Iran in cyberspace, to date there is no clear evidence that such cooperation has occurred. Moreover, there does not appear to be any clear indication that Iran’s ability to conduct sophisticated cyberattacks has improved recently, despite a series of cyber-attacks on Israel making headlines over the past two months.

The Wall Street Journal in March cited “people familiar with the matter” claiming that “Moscow has likely already shared with Iran more advanced software that would allow it to hack the phones and systems of dissidents and adversaries.” Similar reports emerged in March 2019, when Israel’s Channel 12 claimed that Russia had given Iran ‘zero-click exploits’ that Iran had allegedly used to hack the phone of Benny Gantz, then a candidate for prime minister. If those reports were even correct, there is no indication such exploits have been used since.

The idea of increased Russian involvement alongside Iran in attacks against Israel has been related to unsophisticated Distributed Denial-of-Service (DDoS) attacks on Israeli websites by “Anonymous Sudan”, which is reported to be a cover for the Russia-linked “Killnet” group. Whatever the case, the group seems to be very focused on annoying countries and organisations deemed hostile to either the Kremlin or Islam, and Israel is far from the only country targeted in its global DDoS campaigns.

However, these particular attacks by Anonymous Sudan were part of OpIsrael, a yearly campaign that has existed since 2013 for anti-Israel hackers across the world to launch occasionally mildly disruptive but nonetheless unsophisticated attacks against Israeli websites and organisations.

During the escalation between Israel and Gaza-based terrorist groups overnight, Anonymous Sudan claimed it had taken down so many Iron Dome missile defence alert systems that the group stopped it from intercepting all rockets fired. While Iron Dome’s intercept success rate was lower than usual, there is no evidence Anonymous Sudan had anything to do with it. Should it transpire that hackers can intervene during conflict to disrupt Iron Dome, that would indeed be worrisome – but there is no reason as yet to believe the group’s claims.

The group further claimed it was behind power outages across Israel and that it had “gained access to very sensitive data from the Israeli government,” which it “will leak in due time.” It also claimed it was targeting Israel’s internet. These claims are also entirely unsubstantiated.

A slightly more serious ransomware attack on Israel’s Technion Institute was conducted by Iran’s “MuddyWater” group in March, but did not severely impact operations and was also part of a global campaign. MuddyWater has previously conducted such ransomware attacks, including against Israeli institutions, such as its global “Operation Quicksand” campaign in 2020.

The only serious attempted cyberattack targeting Israeli infrastructure by Iran remains the April 2020 attempt against its water distribution network, although even there the sophistication and odds of success were contested, with one intelligence official describing the attack’s sophistication as “miserable”.

Another cyberattack targeting Israeli water infrastructure in early April this year damaged some water controllers and control systems of the Galil Sewage Corporation, though the attack has not been publicly attributed to Iran and coincided with OpIsrael and a general period of anti-Israel cyberattacks during the Muslim holy month of Ramadan. Israel had already warned of planned cyberattacks on those dates, so many farmers in the area had already turned off remote control for their irrigation systems.

Similar cyberattacks against water infrastructure occurred in July 2020, also not publicly attributed to Iran.

By and large, Iranian activity in cyberspace is focused primarily on propaganda and disinformation, and its hackers mostly rely on “social engineering” techniques, including fake profiles and websites and “typosquatting” links, to gather information. While some Iranian cyber actors have reportedly improved their hacking tools recently, the baseline is extremely low.

Despite the alleged doubling in cyberattacks against Israel in 2022 – to 200 a month from approximately 88 on average the year before – Iran for the time being remains, as AIJAC assessed in April 2022, more of a cybernuisance and is still incapable of posing a serious threat.

 

Tags: , , ,

RELATED ARTICLES

(image: Shutterstock/Svet Foto)

Military strikes alone won’t stop the Houthis without direct pressure on Iran

Mar 20, 2025 | Featured, Fresh AIR
Image: X

Pay-for-Slay is likely still Pay-for-Slay

Mar 7, 2025 | Fresh AIR
Image: X

The missing pieces of the Thai hostages story

Feb 21, 2025 | Fresh AIR
Damaged section of Kamal Adwan Hospital (image: World Health Organisation)

The latest IDF raid on the Kamal Adwan Hospital debunks absurd UN report

Jan 9, 2025 | Featured, Fresh AIR
Iran's Supreme Leader Ali Khamenei (left), the late Hezbollah Secretary-General Hassan Nasrallah and the late commander of the IRGC's Qods Force Qassem Soleimani

The Axis of Resistance is not dead yet

Dec 19, 2024 | Featured, Fresh AIR
Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Dec 18, 2024 | Featured, Fresh AIR
D11a774c 2a47 C987 F4ce 2d642e6d9c8d

Bibi in DC, the Houthi threat and the politicised ICJ opinion

Jul 26, 2024 | Update
Image: Shutterstock

Nine months after Oct. 7: Where Israel stands now

Jul 10, 2024 | Update
Palestinian Red Crescent workers from Al-Najjar Hospital in the city of Rafah, south of the Gaza Strip (Image: Shutterstock)

Hamas’ impossible casualty figures

Mar 28, 2024 | Update
455daec3 C2a8 8752 C215 B7bd062c6bbc

After the Israel-Hamas ceasefire for hostages deal

Nov 29, 2023 | Update
Screenshot of Hamas bodycam footage as terrorists approach an Israeli vehicle during the terror organisation's October 7, 2023 attack in southern Israel, released by the IDF and GPO (Screenshot)

Horror on Video / International Law and the Hamas War

Oct 31, 2023 | Update
Sderot, Israel. 7th Oct, 2023. Bodies of dead Israelis lie on the ground following the attacks of Hamas (Image: Ilia Yefimovich/dpa/Alamy Live News)

Israel’s Sept. 11, only worse

Oct 11, 2023 | Update
Screenshot 2025 03 28 At 11.35.48 AM

The day after the end of the Gaza war – and the new opportunities it presents: Ehud Yaari at the Sydney Institute

Mar 28, 2025 | Featured, Video
Screenshot

Jonathan Conricus in conversation with Joel Burnie

Feb 24, 2025 | Featured, Video
Sydney, January 2025 (Image: X)

Reacting to the latest antisemitic attacks: Colin Rubenstein on SBS Hebrew radio

Feb 3, 2025 | Video
Screenshot

Antisemitic bomb plot “a massive escalation”: Colin Rubenstein on Sky News

Jan 30, 2025 | Featured, Video
(Image: screenshot)

Antisemitism database “first step of many more that need to be taken”: Dr Colin Rubenstein on ABC TV

Jan 22, 2025 | Featured, Video
Screenshot 2024 12 20 At 12.44.43 PM

AIJAC speaks out against hate… Will you join us?

Dec 20, 2024 | Featured, Video

RECENT POSTS

Anti-Hamas protests in Gaza (Image: Reddit)

Gaza protests: A turning point or a moment of desperation?

A “deep well of hatred” in segments of the Muslim community contributed to the recent outburst  of extremism and antisemitism in Australia (Image: Diana Zavaleta/ Shutterstock)

Essay: The Politics of Hatred

Iranian President Masoud Pezeshkian (left) may hint at agreeing to nuclear negotiations, but it is Supreme Leader Ali Khamenei (right) who will ultimately make the decision (Image: Khamenei.ir)

Iran: Moving beyond diplomatic delusions

A statue of Moses holding the Ten Commandments (Image: Shutterstock)

The Last Word: One Story

Israeli PM Netanyahu controversially announces he needs to fire Shit Bet chief Ronen Bar (Screenshot)

Marching toward controversy and division

SORT BY TOPICS