Israel publicly blames Iran for cyberattack on major university last month
National Cyber Directorate says it traced assault on Technion Institute to group calling itself MuddyWater, which is affiliated with Iranian government intelligence
The Israel National Cyber Directorate announced Tuesday that a group affiliated with Iranian intelligence was behind an internet attack last month on the Technion, a top Israeli research and education institute.
In a statement, the directorate said an investigation found the attack was carried out by a group known as MuddyWater, “which is affiliated with Iran’s Ministry of Intelligence and Security.”
It said the same group has been blamed for many other attacks around the world. According to the directorate, last year the US and the UK said the group was behind a series of online assaults in Asia, Africa and North America.
The directorate said the probe revealed that the attack used malware that was designed to encrypt operating systems. It has since distributed methods for identifying the attack to other organizations so that they can block similar attempts, along with additional recommendations for defending themselves.
It also noted that during the Muslim month of Ramadan, set to begin at the end of March, “cyberattacks are promoted against a variety of targets in Israel with the aim of disrupting their business activities and harming their good name.”
It called on organizations to up their level of protection in expectation of a bout of attacks in the coming weeks.
When the February 11 attack struck, the Technion disconnected its computer system and administrators postponed some scheduled examinations until the beginning of the coming spring semester, Ynet reported at the time. Students were also asked to disconnect their computers from the internet and to limit their use of email until an all-clear was given.
Ynet also reported that the university received an email from a group calling itself DarkBit that demanded 80 bitcoins ($1.79 million) from the Technion as a ransom for information it had obtained.
A week and a half later, the Israel Hayom newspaper cited Technion sources saying that the incident was not a ransom attack but rather a politically motivated action.
“The choice of us as a target was not accidental, and its purpose was to harm a national icon,” a source said, noting that an assessment had found it was tied to Iran.
At the time of the attack, the directorate said that in 2022 it had identified 53 cyber incidents at Israeli academic institutions, most of which were blocked.
Israel and Iran have been engaged for years in a largely clandestine cyberwar that occasionally bubbles to the surface. Israeli officials accused Iran of attempting to hack Israel’s water system in 2020, while Iran has also blamed Israel for cyberattacks on the country’s infrastructure.
Aside from the attempted attack on the water system, a cyberattack last year thought to have been carried out by an Iranian group caused false rocket sirens to ring out in Jerusalem and Eilat.
In 2021, a hospital in central Israel came under a major cyberattack, and its systems remained down for several days until military officials and other experts assisted in restoring its data.