Targeting government websites that provide consumer services is a key tactic for disrupting a nation’s economic and social infrastructure. From tracking COVID vaccinations to paying fines, government websites serve as centralized resources for consumers. When these websites go down it instills uncertainty and creates an environment where disinformation can propagate. In addition, as consumers scramble to learn more they become more susceptible to scams, data theft and inadvertent exposure to ransomware and other harmful programs. Today it was a DDoS, tomorrow it could be defacement or furtive phishing of valuable consumer information. Promoting digital safety for consumers is more than a moral obligation, it is one of the biggest misses in cybersecurity.
Chris Olson, CEO at The Media Trust
A day after Israel was hit by what the country’s authorities described as a cyber attack that temporarily knocked out a number of websites, including government portals, little information has surfaced as to the nature or origin of the attack.
But both a former senior Israeli diplomat and cybersecurity experts saw a potential connection to Iran and Russia’s conflict in Ukraine given the heightened geopolitical tensions that surrounded the incident.
“In the past few hours, a DDoS attack (Distributed Denial of Service) against a communications provider was identified,” the Israel National Cyber Directorate said in a statement shared with Newsweek on Monday. “As a result, access to several websites, among them government websites, was denied for a short time. As of now, all of the websites have returned to normal activity.”
The Israel Defense Forces declined Newsweek’s request to comment and other Israeli authorities have remained largely silent on the hack, which appeared to be one of the largest to target the country in recent history.
There were no immediate claims of responsibility for the attack, but suspicion soon turned to Iran as the official Islamic Republic News Agency quickly reported on the incident, citing prior cyber attacks launched against Israel by groups linked to Iran, including the “Black Shadow” organization that has been blamed for a series of online incidents in Israel.
Semi-official outlets such as Fars News Agency also reported earlier Monday on an alleged incident in which the Revolutionary Guard claimed to have foiled an Israeli plot targeting one of the country’s most important nuclear facilities. The report claimed that Israeli spies, using an agent paid in cryptocurrency and supplied with secure communications under the guise of a Hong Kong company, attempted to approach an individual working on advanced IR-6 centrifuges at the Fordow Nuclear Facility before the conspiracy was busted by the Revolutionary Guard’s Nuclear Command.
The hack in Israel came just two days after Iran’s Revolutionary Guard launched what was described by local Kurdish Regional Government authorities as nearly a dozen ballistic missiles against a site in the northern Iraqi city of Erbil, where the U.S. military is also present. This brazen strike came in apparent revenge for an air raid blamed on Israel that killed two Iranian colonels in Syria last week.
The drastic escalation comes in what has been a long-running, shadowy feud between archfoes Iran and Israel as much of the international community’s attention, including that of the United States, is focused on Russia’s war in neighboring Ukraine.
Speaking with Newsweek, Israel’s former permanent representative to the United Nations Danny Danon expressed worries that the timing was no coincidence.
“We are troubled by the recent cyber attacks in Israel and the incident is being investigated in further detail,” Danon said. “There is, of course, a concern that Iran is ‘testing’ Israel and the U.S. during this chaotic time when all eyes are on Ukraine. When Iran detects an opportunity to exploit the situation and advance their terrorist agenda they do not hesitate. This may be what we see happening now.”
He argued that “the unprovoked assault on Erbil, Iraq, by Iranian forces is one such instance, and the cyber attacks on Israel’s government, for which Iran has claimed responsibility, is another.”
Danon also tied in another development, the ongoing efforts to restore the United States’ participation in a 2015 nuclear deal with Iran and fellow signatories China, France, Germany, Russia and the United Kingdom. U.S. President Joe Biden has sought to return to the deal, abandoned by his predecessor in 2018, a move that would see sweeping U.S. sanctions lifted from Iran in exchange for Tehran reinstituting strict limits on a nuclear program it says was never intended to produce a nuclear weapon.
Israel, which is widely believed to have nuclear weapons of its own, has always opposed the accord, officially known as the Joint Comprehensive Plan of Action (JCPOA), and Danon said such Iranian actions should dissuade powers from dealing with the Islamic Republic.
“These seemingly small but consequential onslaughts should serve as a warning to the P5+1 in Vienna that we cannot partner in any way with a regime that seeks to terrorize the Western world and cries for its destruction,” Danon said. “We must respond to Iranian terror with aggression and sanctions and not with reward or appeasement.”
Nonetheless, representatives of the original deal appeared on the verge of a resolution in the Austrian capital just days ago, but a pause was abruptly announced, apparently prompted by a last-minute Russian demand for assurances that Moscow would be able to trade with Tehran uninterrupted as Washington leads a broad coalition of countries to sanction Russia over its military operation against Ukraine.
U.S. State Department spokesperson Ned Price told reporters Monday that it was up to Iran and Russia to figure out how to proceed.
“Clearly, there are decisions that need to be taken in Tehran. Clearly, there are decisions that need to be taken in Moscow,” Price said. “We expect to have a better sense in the coming days whether a path forward with a mutual return to compliance with the JCPOA is achievable.”
The following day, Iranian Foreign Minister Hossein Amir-Abdollahian traveled to Moscow to meet Russian counterpart Sergey Lavrov, with whom he discussed both Ukraine and the nuclear deal, as well as Afghanistan, Syria and Yemen, according to the Iranian Foreign Ministry.
As for the missile strikes in Erbil, Price condemned the actions as “attacks against the sovereign state of Iraq” and argued such activities were only further motivation to settle the JCPOA.
“The broader point is that Iran poses a threat to our partners in the region and, by extension, us in a number of different ways. And we’ve spoken of Iran’s nefarious activities, going beyond its nuclear advancements and its nuclear provocations,” Price said.
“We have seen Iran, of course, fund proxies in the region, fund terrorist groups, engage in malicious cyber activity, but the basic point is that Iran would be able to do all of these things, and potentially more, with far greater impunity if it were not verifiably and permanently constrained from obtaining a nuclear weapon.”
In its own announcement on the missile attacks in northern Iraq, the Revolutionary Guard appeared to link the move to a suspected Israeli airstrike that killed two Iranian colonels near the Syrian capital of Damascus last week, an event for which the Revolutionary Guards had vowed revenge.
“Following the recent crimes of the fake Zionist regime and our previous statements that the crimes and evils of this infamous regime will not go unanswered,” the force’s public relations center said, “last night, the strategic center of Zionist conspiracy and evil was targeted by powerful missiles of the Islamic Revolutionary Guard Corps.”
“Once again, we warn the criminal Zionist regime that the repetition of any evil will face harsh, decisive and destructive responses,” the Revolutionary Guard said. “We also assure the great nation of Iran that the security and peace of the Islamic homeland is the red line.”
Iran has played a military role in Syria for years, backing President Bashar al-Assad in a civil war set to see its 11th anniversary on Tuesday. Israel has conducted hundreds of airstrikes throughout this time—many neither confirmed nor denied by the IDF—against the positions of Iran, its militia allies and Syrian military positions attempting to down Israeli warplanes.
But also backing Damascus is Moscow, which has deployed advanced air defenses that have never been used to target Israeli jets. Despite its alliance with the U.S., Israel has viewed Russia as a key player in the region and especially in neighboring Syria and the two countries have frequently held contacts on the conflict.
Since the war erupted in Ukraine, Israel has carefully sought to balance its position, with Israeli Foreign Minister Yair Lapid outright condemning Russia as Prime Minister Naftali Bennett seeks to leverage his relationship with Russian President Vladimir Putin to play a mediating role in the conflict.
Bennett spoke Monday with Putin and on Saturday with Ukrainian President Volodymyr Zelensky. While Israel has so far been hesitant to join in on international sanctions against Russia, Lapid asserted Monday that Israel “will not be a route to bypass sanctions imposed on Russia by the United States and other Western countries” in a commitment that Ukrainian counterpart Dmytro Kuleba said was reiterated to him the following day.
While no actor or nation has claimed responsibility for the cyber attack on Israel, cybersecurity experts could also not rule out that a nation or state-sponsored actor was involved due to the scope and sophistication of the hack when asked if responsibility may lie with Iran or Russia.
“To attribute this specific attack to a state actor requires deep analysis,” Chris Olson, the CEO of digital safety platform The Media Trust, told Newsweek. “However, as nation-states typically increase attacks targeting government environments during times of turmoil it’s certainly possible this could be attributed to a foreign adversarial government.”
Jennifer Tisdale, CEO of the GRIMM cybersecurity network, felt it was more likely than not that a foreign government had a hand in the attack.
“There’s not enough information to say with certainty that the attack was state-sponsored,” Tisdale told Newsweek. “There is also not enough information to say it wasn’t. It is known that Iran and Israel have been engaging each other in a cyber shadow war. I think it’s more probable than possible that the actions of a nation-state are at play.”
Iran’s permanent mission to the United Nations did not immediately respond to Newsweek’s request for comment.
