The massive denial of service attack targeting Israeli government websites on Monday constituted “the largest-ever cyberattack” to be carried out against the state of Israel, a defence establishment source has told Haaretz.
The cyberattack, which began at around 6:15 pm Monday, continued until 7:30 pm and reached a bandwidth of 15-20 gigabytes, crashing websites across the gov.il domain, including those of the ministries of interior, health, welfare and justice. Prime Minister Naftali Bennett’s website and the ministry of defence websites were also affected, with the communications ministry convening a meeting in the attack’s aftermath to assess the damage with emergency services.
“In the past few hours, a DDoS cyberattack against a communications provider was identified. As a result, access to a number of websites, among them government websites, was blocked for a short time. As of now, all of the websites are operational,” Israel’s National Cyber Directorate said in a tweet.
DDoS (distributed denial of service) attacks work by overwhelming targets’ servers with data requests until they are paralyzed and can no longer function.
The Jewish State’s cyber authority declared a state of emergency over the shutdown to determine damage and check strategic infrastructure, including utility companies. The country’s telecoms companies were subsequently tasked with restoring service.
Haaretz’s source said that the coordinated attacks were carried out by a state actor or other large organization.
The Jerusalem Post pointed out that the cyberattack took place immediately after an alleged attempt by Mossad to attack Iran’s Fordow nuclear enrichment site. Rafael Franco, a senior former Israeli National Cyber Directorate deputy director, told the newspaper that an Iranian-affiliated group called Black Shadow was responsible for a separate cyberattack on Israel’s diamond exchange over the weekend. Ram Levi, CEO of Israeli cybersecurity company Konfidas, said Monday’s DDoS attack likely originated in Iran.
Iran’s Islamic Revolutionary Guard Corps announced Monday night that it had prevented a sabotage attempt against Fordow, with IRGC intelligence said to have foiled the operation. Government sources speaking to Iranian media blamed Israel for the attempted sabotage, citing similar attempts in years past. An IRGC-affiliated Twitter page reportedly claimed responsibility for Monday’s DDoS attacks and boasted that “the Zionist regime will not forget tonight.”
Israel and Iran have waged a years-long cyberwar, accusing one another of targeting websites, but also real-world infrastructure such as gas stations, ports and utilities. Last year, Iran accused Israel of “nuclear terrorism” in the wake of a sabotage attack against the Natanz nuclear plant. Also last year, Israeli media reported that Iran-affiliated hackers had infiltrated the servers of a major Israeli internet hosting company, causing widespread outages. Separately, Iran-linked hackers were accused of attacking the Israeli defence ministry, leaking files, operational maps, letters, correspondence and photos from ministry systems.