6 facilities said hit in Iran’s cyberattack on Israel’s water system in April

A pump went into continuous operation at one site and data was changed at another, report says; but no significant damage or interruption in supplies

The Eshkol water filtration plant in northern Israel, April 17, 2007. (Moshe Shai/FLASH90)
Illustrative: View of the Eshkol Water Filtration Plant in Northern Israel, April 17, 2007. (Moshe Shai/FLASH90)

Six facilities were hit in an Iranian cyberattack last month on the country’s water infrastructure that succeeded in impacting some systems but did not cause any disruption in the water supply or waste management, the Ynet news site reported on Tuesday.

At one of the Israel Water Authority facilities, an “irregularity due to an unplanned change in data” was recorded, the report said. At another station, a pump went into continuous operation, prompting operators to shut off its automatic mode.

Hackers also succeeded in taking over the operating system at one of the sites, while at another changes were made to operating systems. At one of the facilities, operators detected the cyberattack and immediately disconnected the site’s systems, reset parameters and changed all the passwords.

The hackers did succeed in wiping out information at one site, though it was later restored, the report said.

In the wake of the attack, the Water Authority ordered that all passwords be changed at its installations, with a focus on operating systems and “in particular for systems that add chlorine to wells.”

The Water Authority and Israel National Cyber Directorate identified the series of cyber incidents on April 24-25. The water authority’s cybersecurity chief told Ynet that none of the incidents caused damage or affected water supplies or wastewater management. However, a source described in the report as involved in the incident accused the water authority of “neglect” in not being better able to protect its sites.

The Water Authority and the National Cyber Directorate confirmed earlier this month an “attempted cyber breach on water command and control systems.”

“The attempted attack was dealt with by the Water Authority and National Cyber Directorate. It should be emphasized that there was no harm to the water supply and it operated, and continues to operate, without interruption,” it said.

The Shahid Rajaee port facility in the Iranian coastal city of Bandar Abbas (Iran Ports and Maritime Organization)

Israel reportedly responded to the incident with a sophisticated cyberattack on an Iranian port facility, causing widespread chaos in the Islamic Republic.

On Monday the Washington Post, citing foreign and US officials, said Israel was likely behind a hack that brought the “bustling Shahid Rajaee port terminal to an abrupt and inexplicable halt” on May 9.

Iran later acknowledged that an unknown foreign hacker had briefly knocked the port’s computers offline.

The port is a newly constructed shipping terminal in the Iranian coastal city of Bandar Abbas, on the Strait of Hormuz.

But the damage was far more severe than Iran acknowledged and was apparently carried out by Israeli operatives, the Post said, quoting a security official with a foreign government that monitored the incident.

The official, who spoke on the condition that his identity and national affiliation not be revealed, called the attack “highly accurate,” the Post said.

Israel was reportedly aghast at the Iranian attack on its water infrastructure. A May 7 meeting of the high-level security cabinet, the first one held in months, dealt in part with the Iranian attack, Israeli television reported.

Quoting unnamed senior officials, Channel 13 news said on May 9 that the attack in late April was viewed as a significant escalation by Iran and a crossing of a red line because it targeted civilian infrastructure.

Earlier that day Fox News reported that Iran was behind the attack, with hackers using American servers to carry out the breach. A senior US Department of Energy official told Fox News that the Trump administration was committed to protecting allies from cyberattacks but would not comment on the specific incident, saying an investigation was ongoing.

There was no official confirmation of the report by Israeli or US officials.

Iran — whose regime avowedly seeks Israel’s destruction — and Israel have engaged in covert cyber-warfare for over a decade, including reported efforts by the Jewish state and US to remotely sabotage the Islamic Republic’s nuclear program.

Israel has also in recent weeks appeared to step up a bombing campaign on Iran-linked forces in Syria, concerned at Iran’s ongoing efforts to establish a potent military presence there from which to attack Israel. The Iranian-funded and -armed Hezbollah terror group faces off against Israel from Lebanon, and Iran backs Palestinian terror groups in the West Bank and Gaza.

The Islamic Republic is smarting from one of the world’s most severe COVID-19 outbreaks. Experts have recently warned that the coronavirus pandemic has created a perfect storm for cyberattacks, with millions of people working in unfamiliar, less secure circumstances and eager for information about the virus and with new organizational policies being implemented.

Agencies contributed to this report.

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed