Summary of the announcement of the Israel Cyber Organization:

Summary of the announcement of the Israel Cyber Organization:

Iran and Hezbollah were behind the attempted cyber attack on the “Ziv” hospital at the height of the “Iron Swords” war.

The attack failed in an attempt to disrupt hospital operations.

In the joint efforts of the Cyber Organization, the Israel Defense Forces, the Shin Bet, the Ministry of Health, and hospital staff, the attack was stopped before it reached its goal of disrupting hospital operations and harming the medical treatment of civilians. However, the group was found to have stolen some sensitive information stored in the hospital’s systems.

Research showed that the AGRIUS cyber attack group, which belongs to the Ministry of Information of Iran, attempted to carry out a cyber attack on Ziv Hospital at the end of November 2023, with the aim of damaging its normal operation, against the background of the “Iron Swords” war. The attack was carried out by the Ministry of Information in cooperation with a Hezbollah cyber unit called ‘Lebanese Cedar’, which is led by Mohammad Ali Marei.

#CyberAttack #Iran #APT #MOIS

Let’s break this down

The announcement directly attributes the attempted cyber attack to Iran’s Ministry of Information and Hezbollah’s Lebanese Cedar unit, showing a coordinated effort between state and non-state actors targeting Israeli infrastructure.

The choice of Ziv Hospital as a target during the “Iron Swords” war demonstrates a strategic aim to disrupt critical infrastructure amidst heightened tensions. Targeting a medical facility has severe humanitarian implications, signaling a potentially escalating cyber warfare strategy.

The attack did not achieve its primary objective of disrupting hospital operations, showing effective cyber defense measures on the part of Israeli cybersecurity forces and hospital staff. The collaboration among various Israeli defense and health entities suggests a high level of preparedness and inter-agency cooperation.

Despite the failure to disrupt operations, the attackers successfully stole sensitive information from the hospital’s systems, underlining the dual nature of cyber threats, combining disruption with intelligence gathering.

Identifying the AGRIUS group, affiliated with Iran’s Ministry of Information, and the Lebanese Cedar unit, led by Mohammad Ali Marei, provides specific intelligence about the actors involved, detailing analysis and possibly ongoing surveillance of these groups by Israeli cyber defense agencies.

The attempt to attack a civilian medical facility during a conflict period marks a significant escalation in cyber warfare tactics. Iran is increasing the integration of cyber operations in broader military strategies and the willingness to target essential civilian services.

The attempted cyber attack on Ziv Hospital by lran and Hezbollah highlights the growing complexity and severity of cyber threats. Israels’ successful defense against the attack demonstrates effective cyber resilience, while the data breach indicates ongoing vulnerabilities in protecting sensitive information.