Gantz says Iran and Hezbollah tried to hack UN peace force, steal deployment data
Speaking at Cyber Week event, defense minister warns Tehran is a leader of cyberterrorism, using ‘terrorists with keyboards’ as proxies
Emanuel (Mannie) Fabian is The Times of Israel's military correspondent.
Defense Minister Benny Gantz on Wednesday said Iran and its Lebanese proxy Hezbollah recently attempted a cyberattack against a United Nations peacekeeping force in southern Lebanon, in order to steal information about its activities in the area.
“The leader of global, conventional terrorism is Iran. This is also true for cyberterrorism,” Gantz said at the Cyber Week conference in Tel Aviv. “Iran operates via proxies such as Hezbollah in all dimensions — including cyber.
“Today I can reveal recent malign activities conducted by Iranian security institutions in cooperation with Hezbollah: an attempt to disrupt UNIFIL (United Nations Interim Force in Lebanon) operations,” Gantz said.
“They launched a cyber operation with the aim of stealing materials about UNIFIL activities and deployment in the area, for Hezbollah’s use,” he said. “This is yet another direct attack by Iran and Hezbollah on Lebanese citizens and on Lebanon’s stability.”
It was not immediately clear if the alleged joint Iranian and Hezbollah cyberattack against the UN peacekeeping force was successful, or when it had occurred.
Responding to Gantz’s remarks, UNIFIL said it has “not received any direct information on the alleged incident.”
“UNIFIL and the United Nations take cyber-security very seriously and have robust measures in place to protect our data,” it added in a statement.
Gantz said Israel knows “the cyber systems and operation methods of its opponents,” and had identified a trend of Iranian hacker groups operating against Israel, other countries in the Middle East, and the world in recent years.
He said Israel is aware of Iranian terror groups, led by the Islamic Revolutionary Guards Corps, that “have tried to carry out operations against international targets, including charities and government networks in the United States,” as well as attempts to influence the US presidential election.
“Following investigations published on this subject, we can confirm that the ‘Shahid Kaveh’ unit operated by the IRGC, which was revealed about a year ago, conducted research to damage ships, gas stations, and industrial plants in several Western countries including Britain, the US, France and Israel,” Gantz said, adding that the foiled attempts were carried out “under the direct instructions of Iran’s leadership.”
“These new proxies are ‘terrorists with keyboards,’ yet they are just like any other terrorist. We know who they are, we target them and those who direct them. They are in our sights as we speak — and not just in cyberspace,” he said.
“Not a single attack on Israel’s citizens will be met with silence. The responsibility for such attacks lies with the countries and terror groups that fund and guide them. There is a variety of possible responses to cyberattacks — in and outside of the cyber domain,” Gantz added.
Gantz’s comments came two days after a large cyberattack forced the Iranian state-owned Khuzestan Steel Co. to halt production, and two other major steel producers also reported being targeted.
Israeli military correspondents, who are regularly briefed off-the-record by senior Israeli officials, hinted that Israel was directly responsible for the assault in retaliation to a suspected cyberattack that caused rocket sirens to be heard in Jerusalem and Eilat last week.
Israel and Iran have for years been involved in a largely clandestine cyberwar that occasionally bubbles to the surface. Israeli officials have accused Iran of attempting to hack Israel’s water system in 2020.
During Wednesday’s conference, the deputy commander of the military’s 8200 intelligence unit said it had foiled that attack. “We thwarted the attempt to take over Israel’s critical water systems and poison them several years ago,” Col. Aleph, who can be identified only by the initial of his first name, said.
“In another case, we also identified that a certain opponent was attacking Israel, and while we were recognizing that, the same attacker was also trying to target power plants in the US. We were able to prevent this threat through close cooperation with our American partners,” he said.
In turn, Iran has accused the United States and Israel of cyberattacks that have impaired the country’s infrastructure.
Iran disconnected much of its government infrastructure from the internet after the Stuxnet computer virus — widely believed to be a joint US-Israeli creation — disrupted thousands of Iranian centrifuges in the country’s nuclear sites in the late 2000s.
In a major incident last year, a cyberattack on Iran’s fuel distribution system paralyzed gas stations across the country, leading to long lines of angry motorists. The same anonymous hacking group, Gonjeshke Darande, claimed responsibility for the attack on fuel pumps.
In a brief message in Hebrew at the conference, Gantz mentioned a video Hamas released on Tuesday of Hisham al-Sayed, an Israeli man held by the terror group in the Gaza Strip, showing him hooked up to oxygen and claiming his health had deteriorated.
“Yesterday a video was published, and its goal is extortion over a humanitarian issue. Hamas is holding captive for years the four boys against international law, against morals,” he said, referring to al-Sayed and Avera Mengistu, and the bodies of two Israeli soldiers, Oron Shaul and Hadar Goldin.
“Hamas is responsible for this, and our expectation is for the international community to act against this behavior. Israel is continuing to act in order to return them home,” he said. “It is a humanitarian issue, and blackmail and other tricks will not change our conduct.”
AP contributed to this report.