Israel reported a cyberattack, which defaced websites of the country’s major organizations, political groups, and industrial ranks. The hack took place on Thursday morning (21 May) through uPress, a website hosting provider. Soon after, uPress released a statement on its official Facebook page stating that the root cause of the cyberattack was a WordPress vulnerability exploited by cybercriminals. It is now working with the National Cyber Security Authority (NCSA) of Israel to reinstate all the original content to the last known point before the cyberattack took place.
Attack ahead of “Quds Day”
Quds Day or Jerusalem Day (Quds in Arabic means Jerusalem) is an annual event held on the last Friday of Ramadan by the Islamic Republic of Iran since 1979, in support of Palestinians and to oppose Zionism and Israel.
Amid the COVID-19 social distancing scenario, there are very limited mass gatherings legalized by the Iranian government for the “Quds Day”. Thus, it seems likely that threat actors took advantage of cyberspace to launch attacks without physical combat. uPress claimed that the hackers were Iranian, however, it provided no further details.
The attack also came within a couple of weeks of a cyberattack that aimed at disrupting operations at Iran’s Strait of Hormuz Port (Shahid Rajaee Port, near the city of Bandar Abbas). In a press release to the Fars News Agency, Mohammad Rastad, Managing Director of the Ports and Maritime Organization (PMO), mentioned the hand of a foreign entity aimed at disrupting the critical operations and trade in the region. Thus, experts also fear that this could be a retaliatory cyberattack from Iran towards Israel.
The video posted on the defaced website warned about the destruction of Israel in the coming days and a mention of a malicious threat group “Hackers of Saviors”. This prompted one of the experts to link the cyberattack ties to Turkey, North African countries, and the Gaza Strip. It gave no clear indication of Iran’s involvement though. Later in the day, however, Channel 12 News said it did not appear to have been initiated by Iran but may have involved Iranian threat actors.