Hackers claim to have breached Israeli nuclear facility’s computer network

Siva Ramakrishnan
An Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza.

An Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza.

The hackers claim to have stolen and published thousands of documents — including PDFs, emails, and PowerPoint slides — from the Shimon Peres Negev Nuclear Research Center. The secretive facility, which houses a nuclear reactor linked to Israel’s unavowed nuclear weapons program, has historically been targeted by Hamas rockets.

In a social media message explaining their intentions, the group claimed “as we are not as like as the bloodthirsty Netanyahu and his terrorist army we carried out the operation in such a way that no civilians were harmed.”

Despite this statement, in another a social media message the group said it did “not intend to have a nuclear explosion but this operation is dangerous, and anyhting might happen,” alongside an animated video depicting a nuclear detonation and a call for the evacuations of the nearby city of Dimona and the town of Yeruham.

While the documents that have been released potentially suggest the hackers were able to compromise an IT network connected to the facility, there is no evidence they have been able to breach its operational technology (OT) network. Even in the case they did, nuclear facilities have numerous failsafe systems in place to prevent dangerous incidents.

The Israeli embassy in London did not respond to a request for comment about the incident.

Gil Messing, the chief of staff at Israeli cybersecurity company Checkpoint, told Recorded Future News his company was aware of the Anonymous group which was established with its own Twitter and Telegram accounts around the start of the country’s war on Hamas in Gaza.

Checkpoint has mostly observed the hackers echoing attacks carried out by Iranian groups, with Messing suggesting that these might all be the same groups operating under different names.

The Iranian Ministry of Foreign Affairs did not respond to a request for comment.

“So far, some of these attacks were bogus, some genuine, so regarding this specific one it’s hard to say if it’s genuine,” said Messing.

As Messing previously told Recorded Future News, the country’s cybersecurity companies have been closely monitoring Iranian state-backed hackers since the war in Gaza began last October. Iran is a supporter of the Palestinian group Hamas.

Cyberattacks against Israel and its allies have been “relentless” since the war began, he said. Threat actors have been behind enormous data dumps, broken into government computer systems, hacked into Israeli security cameras, stepped up disinformation campaigns and targeted industrial control systems halfway across the world.

In this incident, he added that Checkpoint has analyzed documents which the hackers released. “We can say that they are mostly not very sensitive (mostly around emails, names, vendors they work with) but could be sensitive for future attacks like phishing and others.”

Messing stressed that the documents were not evidence the hackers had control over any of the facility’s operational systems.

CybercrimeGovernmentNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Alexander Martin

is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 

Total
0
Shares
Previous Post

Russia-linked hackers use Smokeloader malware to steal funds from Ukrainian enterprises

Next Post

International freight tech firm isolates Canada operations after cyberattack

Related Posts

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera
Avatar
Read More

Researchers Discover Command Injection Flaw in Wi-Fi Alliance’s Test Suite

A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with elevated privileges. The CERT Coordination Center (CERT/CC) said the vulnerability, tracked as CVE-2024-41992, said the susceptible code from the Wi-Fi Alliance has been found deployed on Arcadyan FMIMG51AX000J routers. "This flaw allows an unauthenticated local attacker to
Avatar
Read More

Experts Uncover 70,000 Hijacked Domains in Widespread ‘Sitting Ducks’ Attack Scheme

Multiple threat actors have been found taking advantage of an attack technique called Sitting Ducks to hijack legitimate domains for using them in phishing attacks and investment fraud schemes for years. The findings come from Infoblox, which said it identified nearly 800,000 vulnerable registered domains over the past three months, of which approximately 9% (70,000) have been subsequently
Avatar
Read More