Israel Believes Foreign Nation Directed Thwarted Cyberattack

Cyberattack was sophisticated and focused on Israeli civilian research and development, which could be of interest to entities around the world, says top authority official

The cyberattack foiled by Israel had been mounted by an organized group of hackers directed by a foreign nation, the Cyber Defense Authority believes. A senior Israeli official said Wednesday this working assumption resulted from analyzing the technological means used by the hackers, as well as examining their targets.

In a highly unusual announcement earlier on Wednesday, the Prime Minister’s Office revealed that the Cyber Defense Authority had thwarted the hackers. The notice came just two days after top security officials wrote a letter to the prime minister, warning that the many powers given to the Cyber Defense Authority could hamper their ability to prevent cyberattacks on Israel.

Altogether 120 targets including academic institutions, ministries, companies and private individuals were attacked. What they have in common is engagement in research and development and advanced technologies, including medicine.

“We don’t know exactly who was behind it,” said the official, who requested anonymity because of the sensitivity surrounding the issue. However, it was a sophisticated endeavor and one highly focused on civilian R&D, which could be of vast interest to a lot of entities around the world, he said.

Rafi Franco, senior division head at the cyber authority, said information about the attack began to accrue at the authority’s monitoring center last Thursday. It was also noted by cyber monitoring authorities in the U.S. and Britain, and private companies that were starting to see hallmarks of the attack. A civilian government office in Israel also reported to the cyber authority that it thought it might be under attack.

This attack was unique in its sophistication, Franco said, with the malware arriving in infected Microsoft Word files attached to authentic emails from an authentic academic institution. Anti-virus software failed to notice the problem.

Only three of the 120 targets – all private individuals – opened the malware files and were infected.

Cyber authorities within the Shin Bet security service and the defense establishment were notified about the affair but took no part in collecting information or frustrating the hackers. Franco said the attack and the fact that it was thwarted were announced due to its unusual reach and its sophistication, and in order to make the civilian world broadly aware of the danger and the need for anti-virus software. “We assess that it was just the first wave,” he said.

Following the attack, the Cyber Defense Authority published directives on its website on how to defend against it.

Microsoft has meanwhile issued a security update to defend users against the problem, and the cyber authority suggests installing it as soon as possible.