Moscow and Tehran unmasked
A new hacker group calling itself Anonymous Sudan attacked the websites of Israel’s national mail service and major banks in April reveals The Times of Israel. The group co-ordinated a distributed denial of service, or DDoS, attack, which managed to temporarily overwhelms the servers of Israeli private and public bodies in an assault seemingly timed to coincide with a day of Iranian-promoted anti-Israel events. Though attack was quickly contained, Israeli authorities said, with no harm or data leaks, the websites of two telecoms and more banks later went down. The cyber assault on Israeli telcos is not over, the report said, as the hidden hand of Moscow, pictured, is thought to be behind the attacks. This would only mean a step up in cyber terror tactics on Israel’s comms services.
The attack was claimed by a group of hackers that goes by Anonymous Sudan, according to Hebrew media reports, citing a telegram message posted by the shadowy collective. The National Cyber Directorate said the site for Israel’s national mail service was back up and running after a few minutes. Bank Mizrachi’s page was down for half an hour, with only “occasional interruptions,” it said.
The hackers did not gain access to internal documents or files, but merely the customer-facing interface. A short time later the websites for the Hot cable service provider and 012 mobile carrier went down, with the group claiming responsibility for those as well. The attacks coincided with the marking of Quds Day, an Iran-promoted event featuring virulently anti-Israel marches and rallies in Tehran another hotspots. Hackers have used the occasion of Quds Day to attack Israeli institutions in the past.
In recent months, Anonymous Sudan has claimed several short-lasting attacks on government services, healthcare and other operations in European countries. Some experts have speculated they may be linked to Russia’s Killnet hacking group rather than Sudan.
Iranian-Russian cooperation on hack attacks may challenge Israeli cyber supremacy since Moscow as helped Tehran to gain cyber warfare functions after years of being stymied
Now websites of Israeli banks, telecom firms, the postal service are being taken down by hackers.
The attacks are nothing now. For years, the last Friday of Ramadan, dedicated to anti-Israel rallies championed by Iran under the banner of Jerusalem Day, has been accompanied by hacker groups trying to disrupt Israeli life. As in previous years, Friday’s cyberattack caused minor service interruptions according to Israeli authorities. What is significant, say Times of Israel staff, is that the authors of the attacks has changed, they have greater potential for damage and the terrorists have a more sinister message to give Israel.
Anonymous Sudan is thought to have no meaningful connection to the Anonymous hacking collective or the Saharan country currently locked in deadly civil strife. Rather, experts believe the group has strong links to Russia, and given Iran’s prominent role in directing anti-Israel activity to mark Jerusalem Day, many see its fingerprints behind the cyber-assault as well. If confirmed, Iranian-Russian cooperation in cyberspace would mark a new stage in the long-running shadow war between Israel and Iran, which has largely been waged in computer code. “Such a breakthrough would significantly affect the regional balance-of-power, in favour of the Islamic Republic.” Said the report.
Cyberwarfare between Iran and Israel has escalated over the last six years. Israel, determined to prevent Iran from acquiring a nuclear weapon and advanced missile capabilities, is understood to have been behind cyberattacks that have disrupted the functioning of the Islamic Republic and have caused damage to Iranian installations. Among the best-known instances was the 2010 Stuxnet bug, which was credited with destroying centrifuges being used to develop Iran’s nuclear program. The attacks have continued since then.
Iran is also determined to build up its cyber defences to respond to Israeli hacking and initiate its own attacks. A 2020 cyberattack targeting Israeli water facilities was probably the first Iranian foray into the cyber war. Israel’s cyber defenses have so far prevented major damage, but Tehran has not given up trying. With military cooperation between Tehran and Moscow already ramping up against the backdrop of the war in Ukraine, it would seem fitting for the Islamic Republic to turn to Russia in order to upgrade its cyber capabilities and seek opportunities for a joint-initiatives.
Most of the cyberattacks carried out by Israel and Iran against each other to date appear to be forms of psychological warfare, operations aimed at influencing public opinion in the target country to put pressure on the ruling regime, or to spark destabilising protests.
Such attacks usually do not cause irreversible damage to the targets or end with innocent civilians being killed. The list of soft targets thought hacked by Iran in recent years includes The Technion — Israel Institute of Technology (2023), rocket alert sirens which were set off in Jerusalem and Eilat (2022), breached security cameras (2022), the LGBTQ website Atraf (2021), and the Shirbit insurance company (2020).
Anonymous Sudan first began taking credit for hack attacks in January, and has seemingly focused on targeting European countries in retaliation for perceived anti-Muslim activity. Experts have noted that most Telegram messages from Anonymous Sudan are in Russian or English and have linked the group to Russian hacker gang Killnet, which has launched DDoS attacks in European countries that back Ukraine. Killnet and Anonymous Sudan also often amplify each other’s messages on social media. In February, Killnet published a message from Anonymous Sudan claiming to have taken down the website of Israeli cybersecurity firm Radware.
Intensified cyber cooperation between Iran and Russia poses a threat to Israel, the United States, and their allies. Russia, not Iran, is in the driver’s seat in terms of defining how far the cooperation goes, and could be pressured to limit it. While Russia has ignored Israeli lobbying vis-a-vis cooperation with Iran in the past, it could be threatened by the prospect of Tehran using its cyber prowess against Moscow in the future. “So long as Russia and Iran are still hacking it together, Israel should be prepared to deal with cyber onslaughts that could cause real trouble,” said the Times of Israel leader.