Hackers targeted dozens of Israeli websites on Thursday in a coordinated attack ahead of the Islamic Republic’s Quds Day, which falls on May 22.
Among the sites downed were those of the City of Ramat Hasharon, Free Israel, KIA Israel, Regavim, United Hatzalah and the Kinneret Authority, to name a few.
Users attempting to access the targeted websites found that their content had been replaced with images of Jerusalem, Tel Aviv and Haifa going up in flames, with a caption in broken Hebrew saying, “The countdown to Israel’s destruction has begun.”
Israel’s National Cyber Directorate (INCD) said that the attack was perpetrated by Iran or Hamas, both of which have previously carried out such Quds Day attacks.
Many of the sites targeted are hosted by Israeli web hosting company Upress.
The company said in a statement: “We have detected a large-scale cyberattack on many of our sites. This is a deliberate and widespread attack by anti-Israeli elements. We have identified a security weakness in the WordPress plug-in that caused a breach and we are working with the National Cyber Directorate, conducting a security investigation and addressing issues on all websites.”
The company said it was working to repair the damage caused by the attack, adding, “This is a very serious incident but we promise we’ll get through it.”
Lavy Shtokhamer, head of the INCD computer emergency response team, told Israel Hayom that “the main purpose of these groups is to create media headlines; to create panic and fear by using attention-grabbing images and slogans.”
Such attacks, said Shtokhamer, “are not very sophisticated … and they have only limited success each year, but the increased reliance on technology due to the coronavirus crisis has created a substantial platform that hackers can exploit.”
An official with Israeli cybersecurity giant Check Point Software Technologies said, “we are seeing an organization of hackers from the Muslim world (probably Turkey, North Africa and the Gaza Strip) working to attack Israeli sites and replace their homepages with anti-Israeli images and slogans. As these sites are hosted by the same cloud service, it probably created a single point of failure that has hit multiple sites.”
As for the Iranian connection, Check Point noted that “we see in this group nine attackers that have been active since April. A study of their profiles links them to Turkey, North Africa and the Gaza Strip. It doesn’t mean that there aren’t others, but we can’t positively confirm Iranian activity at this time.”