March 7, 2023 | Flash Brief

Iran Launches Cyberattack on Israeli University

March 7, 2023 | Flash Brief

Iran Launches Cyberattack on Israeli University

Latest Developments

Hackers working for Iran’s Ministry of Intelligence and Security conducted a cyberattack against the Technion Institute, a leading Israeli biomedical and hi-tech research university, Israel’s National Cyber Directorate announced today. Initial press reporting last month had pointed toward criminal actors, when a previously unknown ransomware gang claimed responsibility for the February attack. The university’s assessment, however, quickly shifted toward Iran as investigators determined that the goal of the operation was to “harm a national icon,” a source told Israel Hayom.

Expert Analysis

“Iran has repeatedly launched cyberattacks on America’s partners and allies around the world, including Israel and America’s NATO allies. Robust bilateral cooperation with trusted allies like Israel will not only help those countries defend against Iranian attacks but also ensure that America maintains its own competitive edge as adversaries enhance their malicious cyber capabilities.” RADM (Ret.) Mark Montgomery, Senior Director of FDD’s Center on Cyber and Technology Innovation and FDD Senior Fellow

“Judged against Russia and China, Iran may be a second-tier cyber actor, but Tehran has consistently demonstrated that its hackers can do more with less. Iranian hackers are dangerous because they are opportunistic, selecting soft targets that can cause significant economic damage and compromise the safety and security of America’s allies.” — Annie Fixler, Director of FDD’s Center on Cyber and Technology Innovation

A History of Global Attacks

MuddyWater, the Iranian hacker group responsible for the attack on the Technion, is a “subordinate element within the Iranian Ministry of Intelligence and Security,” according to U.S. Cyber Command. Posing as cyber criminals, the group previously launched a series of ransomware attacks on Israeli companies in the fall of 2020. Tehran has used MuddyWater’s hacking operations to steal secrets and information from government and private sector organizations, including telecommunications, defense, and oil and natural gas companies in Asia, Africa, Europe, and North America, the U.S. government has warned.

Iran Targets Critical Infrastructure

Tehran has deployed other hacking groups to disrupt and degrade critical infrastructure, including hospitals, according to a joint advisory from the United States, United Kingdom, and Australia. While private cybersecurity firms assess that Tehran’s hackers lack sophisticated malware specifically designed to compromise the U.S. electric grid, Iran got dangerously close to poisoning Israel’s national water system nearly three years ago, before Israel thwarted the operation. The Russian criminal ransomware attack on Colonial Pipeline — which caused the U.S. government to issue a regional emergency declaration due to potential fuel shortages on the East Coast — revealed that hackers do not need customized cyber tools to disrupt the delivery of goods critical to the U.S. economy and the daily lives of American citizens.

U.S.-Israel Cyber Cooperation

With its defenders on the front lines of the cyber battlefield, Israel has unique expertise to share. The Biden administration has previously announced high-level strategic dialogues, partnerships, and task forces with Israel to improve bilateral cooperation on cybersecurity. The Department of Homeland Security expanded the Abraham Accords last month to include cyber collaboration and threat information sharing between Israel and the United Arab Emirates, Bahrain, and Morocco.

Related Analysis

The Dangers of Iran’s Cyber Ambitions,” by Annie Fixler

Iran’s Hackers Are Opportunistic, Patient, and Fearless,” by Annie Fixler

Iranian-backed attacks on Albania highlights need for Cyber Capacity Building,” by RADM (Ret.) Mark Montgomery

Money and Partnerships Matter in Cybersecurity,” by RADM (Ret.) Mark Montgomery and Jiwon Ma

Issues:

Cyber Iran Iran Global Threat Network Israel