Gantz orders probe after TV reports hint IDF behind Iran steel plant cyberattack

Defense minister says recent leaks violate Israel’s ‘ambiguity policy’; reports say dramatic video of factory fire was shown to military chief during visit to intelligence unit

Emanuel (Mannie) Fabian is The Times of Israel's military correspondent

Iran’s Khuzestan Steel Co. factory floor after heavy machinery malfunctions and causes a fire, following an apparent cyberattack, June 27, 2022. (Screenshot: Twitter)
Iran’s Khuzestan Steel Co. factory floor after heavy machinery malfunctions and causes a fire, following an apparent cyberattack, June 27, 2022. (Screenshot: Twitter)

Defense Minister Benny Gantz on Thursday ordered his ministry’s security department to conduct an investigation into recent media leaks that harmed Israel’s “ambiguity policy,” shortly after Hebrew-language television strongly hinted that a Military Intelligence unit was responsible for a cyberattack in Iran.

Channel 12 news, Channel 13 news, and the Kan public broadcaster reported that Israel Defense Forces chief of staff Aviv Kohavi recently visited the 8200 intelligence unit’s headquarters and was presented with a video from the aftermath of Monday’s cyberattack that forced the Iranian state-owned Khuzestan Steel Co. to halt production.

The dramatic video, aired on the networks, showed a large fire burning in the factory, with people shouting for help.

During his visit to 8200, Kohavi “likely” thanked the unit for “a series of incidents” attributed to Israel, Channel 12’s military correspondent Nir Dvori said.

In a tweet after the reported cyberattack, Channel 13’s Or Heller said that “there were a lot of red eyes” at 8200 headquarters.

Israel generally maintains a policy of ambiguity regarding its operations against Iran.

Slightly breaking from tradition, now-former prime minister Naftali Bennett repeatedly spoke of what he called the “octopus doctrine” of striking Iran directly rather than its “tentacles,” amid numerous reports of assassinations of senior Iranian officials in Iran. Bennett, however, did not directly confirm any specific incident.

Gantz ordered the Director of Security of the Defense Establishment, an internal Defense Ministry investigatory unit known in Hebrew as Malmab, to probe “recent leaks from closed discussions… as well as leaks from operational events, in a manner that violates the ambiguity policy of Israel,” his office said in a statement.

The investigation also comes in the wake of a report that senior intelligence officers were at odds with Kohavi and the Mossad spy agency over their stance on the Iran nuclear deal. Gantz responded to that report too, saying discourse relating to the nuclear deal must be kept behind closed doors.

Defense Minister Benny Gantz attends a conference in Jerusalem, June 21, 2022. (Yonatan Sindel/Flash90)

Three major steel producers were reportedly targeted in Monday’s cyberattack. An anonymous hacking group claimed responsibility on social media for the assault, saying it had launched the attack in response to the “aggression of the Islamic Republic.”

The group, calling itself “Gonjeshke Darande,” shared what purported to be closed-circuit footage from the Khuzestan Steel Co. factory floor that showed the malfunction of a piece of heavy machinery on a steel bar production line, causing a massive fire.

Israeli military correspondents, who are regularly briefed off-the-record by senior Israeli officials, hinted that it was a retaliation to a suspected cyberattack that caused rocket sirens to be heard in Jerusalem and Eilat last week.

Bennett on Tuesday said anyone who attempts a cyberattack against Israel will “pay a price,” in a warning directed at Iran.

Prime Minister Naftali Bennett speaks at the annual Cyber Week conference in Tel Aviv, June 28, 2022. (Cyber Week, Tel Aviv University)

Israel and Iran have for years been involved in a largely clandestine cyberwar that occasionally bubbles to the surface. Israeli officials have accused Iran of attempting to hack Israel’s water system in 2020.

In turn, Iran has accused the United States and Israel of cyberattacks that have impaired the country’s infrastructure.

Iran disconnected much of its government infrastructure from the internet after the Stuxnet computer virus — widely believed to be a joint US-Israeli creation — disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.

In a major incident last year, a cyberattack on Iran’s fuel distribution system paralyzed gas stations across the country, leading to long lines of angry motorists. The same anonymous hacking group, Gonjeshke Darande, claimed responsibility for the attack on fuel pumps.

Most Popular
read more: