Iran and Israel appear to be stepping up tit-for-tat cyber attacks on each other’s civilian information technology infrastructure in what appears to be the latest phase of their escalating rivalry.
On Wednesday, Israelis were assessing the wreckage after attacks by a suspected Iranian-linked hacker collective Black Shadow on a medical institute and LGBTQ+ dating website that resulted in the leak of private information about tens of thousands of Israelis.
The attacks followed a 26 October cyber-attack on a network of Iranian petrol stations, which Tehran has attributed to Israel.
“Black Shadow is a cover for an Iranian attack group which operates under a criminal cover,” Harel Menashri, an official with Israel’s internal security service Shin Bet, told the Kan television network. “Iran works through the cyber systems from a strategic point of view – to damage Israel’s financial and intelligence sectors.”
Iran said it managed to resurrect its petrol distribution system Tuesday after it was paralysed by last week’s cyber attack. More than 4,000 service stations were taken offline by the attack, resulting in shortages and traffic jams. Iranian officials blamed Israel for the attack. But Iran’s Supreme National Security Council (SNSC) secretary Ali Shamkhani boasted in a Hebrew-language tweet last week that the attack had been contained.
“We are still unable to say forensically, but analytically I believe it was carried out by the Zionist regime, the Americans and their agents,” Iran’s civil defence chief General Gholamreza Jalali told state television on Saturday.
Neither Israel nor Iran has provided evidence the other was behind the attacks. But they came amid rising tensions between the two Middle East rivals as Iran ups its nuclear and missile programmes and the two countries find themselves facing off in Lebanon and Syria. The battle has extended to Middle East shipping lanes, where both sides have allegedly attacked each other’s vessels. On Wednesday Iran claimed United States forces sought to capture one of its tankers in the Red Sea was thwarted, providing few details.
“We have a cold war with Iran,” Israeli prime minister Naftali Bennett told The Sunday Times in an interview published earlier this week. “For the last 30 years, Iran positioned around us to distract us. We will work against them, using all our energy, all our innovation and technology and economy to get to a point where we are a number of steps ahead.”
According to Israeli news media, the Iranian-linked Black Shadow hacking group on Tuesday uploaded sensitive medical files of 290,000 patients from the Machon Mor medical institute. Details included personal information, test results and appointments.
The leak followed a leak of users’ names, locations, and HIV statuses from the dating website Atraf after the firm refused to pay a $1m (£730,000) ransom.
Yoram Hacohen, head of Israel’s Internet Association, decried the attacks as among the most serious on privacy that Israel has ever seen.
“Israeli citizens are experiencing cyber terrorism,” he was quoted as saying by The Times of Israel. “This is terrorism in every sense and the focus now must be on minimizing the damage and suppressing the distribution of the information as much as possible.”
Black Shadow has targeted Israeli civilian internet infrastructure before, including in December. Its latest attack appeared to be via the targeting of the Israeli internet hosting firm CyberServe, and included a travel agency, public transportation firm, and a children’s museum.
Israeli commentator Yossi Melman warned in the newspaper Haaretz on Tuesday that Israel was playing with fire by engaging in cyber attacks on Iranian civilian infrastructure that Iran could easily respond to. “Israel must not continue to add fuel to the cyber warfare fire, because the attacks will only continue to increase,” he wrote.