US Cyber Command and the Israeli military’s Joint Cyber Defence Division (JCDD) have wrapped up a week’s worth of drills, the Israel Defence Forces (IDF) revealed.
The exercises, dubbed ‘Cyberdome’, were the sixth annual drills of their kind, and reportedly involved training “for a variety of cyber defence challenges in the US”. The IDF said the exercises demonstrated “the strategic partnership between the two militaries, which allows both to achieve cyber network superiority”.
The exercises were held at a US Cyber Command facility.
The Israeli military did not elaborate on the details of the drills, and US Cyber Command has not mentioned them in its press materials or public-facing social media accounts.
“Cyberspace is changing and evolving into an everyday global combat space, that threatens to harm governmental, private and civilian bodies,” IDF Cyber Defence Directorate chief Lior Carmeli said in a brief boilerplate statement on the exercises.
'Charming Kitten' Attacks
The drills took place against the background of reports this week that an ‘Iran-linked hacking group’ known as “Charming Kitten” targeted a host of Israeli websites using a vulnerability in Log4j, a widely used Java-based logging utility. Microsoft reported Wednesday that hackers in China, North Korea and Turkey also exploited the flaw.
US Cybersecurity and Infrastructure Security Agency director Jen Easterly called the vulnerability, known as Log4Shell, “one of the most serious…if not the most serious,” that she’s seen in her career. US-Israel computer security hardware and software provider Check Point suggested that the exploit has the potential to give rise to “a true cyber-pandemic.” Maryland-based cybersecurity company Tenable called it “the single biggest, most critical vulnerability of the last decade.”
Governments and companies in Israel, the United States, Canada, Germany and other countries have scrambled to patch the affected software, with hundreds of millions of devices feared to be vulnerable.
The discovery of the Log4Shell vulnerability came just days after the conclusion of a separate massive 10-day Israeli cybersecurity “war game” simulating a major cyberattack on the world’s financial system by “sophisticated players.” The drill, dubbed ‘Collective Strength’, reportedly included officials from Israel, the US, the UK, the UAE, Austria, Switzerland, Germany, Italy, the Netherlands and Thailand, as well as representatives from the IMF and the World Bank. Israeli Finance Ministry chief economist Shira Greenberg hailed the drills as “further evidence of Israel’s global leadership” in financial cyber defence.
Covert Cyberwar
Israel and Iran have spent years engaged in a covert cyberwar, targeting everything from websites and government databases to ports, power and water stations, and even nuclear power plants. In October, Israeli officials reported that a suspected Iranian hacking group known as ‘Moses Staff’ breached over 165 Israeli servers and 254 websites, amassing 11 terabytes of sensitive data, including personal information about Defence Minister Benny Gantz and Israeli military operational planning maps, information about IDF troops and units, and correspondence. The same month, Iran accused the “Zionist regime” and its US allies of responsibility for the massive 26 October hack attack which temporarily crippled Iran’s gas station network.
Israeli private surveillance and cyber-espionage companies made global headlines this year after it was revealed that cutting-edge zero-click snooping software created by Tel Aviv-based NSO Group was used to spy on more than 50,000 people, including heads of state, journalists, opposition politicians and activists. The software, sold to state clients with the active support of Israeli authorities, was unexpectedly blacklisted and sanctioned by the US last month, with media reporting that at least 11 American diplomats had been spied on using the spyware.
Another Israeli cybersecurity company, Tel Aviv-based Candiru, made headlines last month after Slovakia-based internet security firm ESET revealed that Candiru's products had been used to systematically attack websites in the UK, Iran, Italy, South Africa, Syria and Yemen, with the so-called “watering hole” attacks aimed at collecting IP geolocation data from site visitors. Candiru has also been slapped with US sanctions.