Iranian Hackers Claim They’ve Hit the Bank of Israel - but ‘No Proof,’ Cyber Authority Says

Cyber Directorate says it sees no evidence supporting claim by group called ‘Hackers of Savior’ that they broke into Israel’s wire transfer system and hacked personal accounts

Oded Yaron
Oded Yaron
מתוך האתר של Hackers of Savior. צילום מסךA screen capture from the Hackers of Savior website claiming to show hack of Bank of Israel wire transfer system
A screen capture from the Hackers of Savior website claiming to show hack of Bank of Israel wire transfer system
Oded Yaron
Oded Yaron

A group of hackers purportedly linked to Iran said on Monday that they had succeeded in hacking into the system used to transfer money between Israeli banks and through it entered into people’s personal accounts. However, Israel’s National Cyber Directorate and the Bank of Israel, which operates the network, said they found no indication of any kind of hacking into any banking network.

“Several hours ago, a video was released that alleged to show that Israeli banks had been penetrated,” the directorate and the central bank said in a statement. “The issue was examined by the cyber directorate, the Bank of Israel and the banks themselves and as of now there have been no indications any banking system was compromised.”

The video, which was uploaded by the group “Hackers of Savior,” claims to show them having access to the central bank’s Zahav system, a wire system for securely transferring money between commercial banks in real time. Launched 15 years ago, the system enables money to go between bank accounts quickly enough that it becomes available almost immediately.

The system has access to everyone who has an account at any Israeli bank. Nevertheless, it isn’t usually used by private customers, among other reasons because the fees for using it are high. The Bank of Israel says Zahav is used primarily for important transactions, for example, those involving large amounts of money, for transactions involving the sale of assets, like a house or car, or transactions where there is doubt the payer’s ability to meet his financial obligations.

“Hackers of Savior” began its activities about two years ago in the framework of #OPJerusalem, a campaign marking “Iranian Jerusalem Day” (“International Al-Quds Day”) at the end of Ramadan. This week, Israel’s cyber authority had warned that it expected there would be hacker attacks this year as part of #OPJerusalem.

A screen capture from the video posted by Hackers of Savior purportedly showing them entering the Israeli wire transfer system

“Hackers of Savior”’s first attack occurred in April 2020 with a relatively unsophisticated distributed denial-of-service (DDoS) attack. Last January, the group took responsibility for an attack on the Israeli logistics company Gold Bond. The hack led to a brief interruption in the company’s systems used for storing container cargo and freight terminals adjacent to Israeli ports.

In the video that the group uploaded on Monday, it appears that the hackers succeeded in remotely connecting the IP address system, which an examination by Haaretz shows belongs to the government of Israel (e-government operations) and is connected to the Bank of Israel. Then, they show what appears to be a server with databases of all the banks in Israel, including those containing information on bank accounts and credit cards.

Later, the video shows the hackers entering three online bank accounts, one of them at Bank Leumi and two others at First International Bank of Israel. At the end, the hacker explains how they used the funds to make a donation to a Palestinian charity using the credit card of the last account holder.

The dates on the account indicate that the video was filmed in the past month over several days at least. The first hack into the account was done on Saturday, April 16 and that two other accounts were penetrated, as was the donation to the Palestinian charity, occurred on April 19.

Haaretz’s examination of the IP address the hackers entered is not accessible on the web right now. According to the Shodan search engine, which lets users search for various types of servers connected to the internet, the address “was last seen on 19 April.”

The proximity of the times suggests a connection between the two, hinting that the system was taken down after the hack that revealed it was exposed. However, both the cyber directorate and the Bank of Israel said late Monday that they uncovered no evidence of hacking. Knowledgeable sources stressed that internal servers that resided at the same IP address had not been hacked.

Outside experts who have looked at the video and asked not to be identified are skeptical about the “Hackers of Savior”’s claims. The most common view is that it was faked in order to create panic. But it appears that the attackers exploited impressive video editing skills, and may have phished or recycled databases that had previously leaked to the web.

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

$1 for the first month

Already signed up? LOG IN

Touro Synagogue, Newport, Rhode Island

Inside the Fierce Battle Over America's Oldest Synagogue

Protesters demonstrating in front of the consulate general of Israel in New York last year.

Huge Gap Between Young, Old Americans' View on Israel-Palestine

Rep. Henry Cuellar attends a campaign event on Wednesday, in San Antonio, Texas.

AIPAC-backed Dem Declares Victory Against Progressive Challenger in Texas Runoff

Iranian President Ebrahim Raisi and Atomic Energy Organization of Iran chief Mohammad Eslami at an event for Nuclear Technology Day in Tehran, last month.

Prospects for Reviving Iran Nuclear Deal 'Tenuous' at Best, U.S. Envoy Says

A family grieves outside the SSGT Willie de Leon Civic Center following the mass shooting at Robb Elementary School in Uvalde, Texas on Wednesday.

Israeli PM Offers Condolences After Texas Gunman Kills 21 at Elementary School

U.S. President Joe Biden, this week.

Biden Decides to Keep Iran's Revolutionary Guards on Terror List, Says Report