The state-owned company building the Tel Aviv Light Rail – which is still under construction – said its website briefly went down, but hackers didn't gain access to any information
Pro-Iranian hackers launched a cyberattack Monday on what they described as “the Tel Aviv metro” – the light rail system under construction – the latest in a long list of incursions either linked to Iranians or aimed at Iran.
Tel Aviv does not have a subway, and the state-owned company building the city’s light rail said its website briefly went down due to an attack.
Israel and Iran have long been fighting a proxy war in cyberspace. This includes recent attacks against Iranian companies by other Iranians, most likely dissidents or hackers masquerading as dissidents. There have also been attacks that Iran attributes to Israel.
On Telegram and Twitter on Monday, accounts linked to small-time hacking groups affiliated with Iran or with purported pro-Iranian cybermilitias published screenshots of what they called an “attack” on the “Tel Aviv metro.”
The screen captures showed images of the light rail system under construction, as well as IP addresses purportedly linked to it.
The Tel Aviv Light Rail is being built by the state-owned company NTA, which says it’s in charge of “the design and construction of a mass transit system for the Tel Aviv metropolis.”
In a statement, the company said that “this morning a malfunction was found in the NTA internet system. An examination revealed the website was attacked using a DDOS attack originating from abroad.” So-called distributed denial-of-service attacks are considered the simplest form of cyberattack; a website is bombarded with traffic and queries with the goal of sending it offline.
In its statement, NTA said the site was only down for a few minutes, with its defensive cybersystems preventing any real damage to the site, which the company said was operated by a third-party vendor. The hackers did not gain access to any information, NTA said.
“NTA is preparing for additional attacks together with the cyber authority and is acting according to its instructions,” the company said.
Sources in the industry stress that this was a very small attack – a similar one, they note, took place against an Israeli food-takeaway website just last week.
But there have been many attacks; Iranian hackers have taken control of the email accounts of senior Israeli figures and impersonated them, the Israeli cybersecurity company Check Point Software Technologies said last month.
Check Point is one of the most prominent defensive cyber firms in the world.
Check Point is one of the most prominent defensive cyberfirms in the world. Its Check Point Research arm has found that a recent attack on Iran’s Khouzestan Steel Company used similar methods as in attacks on the Iranian Offshore Oil Company, Iran’s Roads and Urban Development Ministry and the country’s rail system.
These incursions took place in 2019 and were linked to a group called Indra. The so-called hacktivist group’s attacks prompted a video on their victims’ screens, as did the recent attack on the steel company.
The attackers also referred their victims to the phone number 64411, which leads to the office of Iran’s supreme leader. Researchers thus assumed that the incursion was either by Iranian dissidents or people trying to pass themselves off as Iranians.
“The recent attack joins a flood of attacks conducted by groups portraying themselves as ‘hacktivists’ against the [Iranian] regime,” Check Point researchers wrote. “The number of attacks, their success and their quality can suggest that they were conducted by an advanced attacker or attackers, perhaps a nation-state with an interest to sabotage Iran’s critical infrastructure.”
Automatic approval of subscriber comments.