Iran-linked hackers hit Israel 'restaurant ventilation'

Iran-linked hackers took control of 'Israeli restaurant's kitchen ventilation' after trying to infiltrate 'gas system'
2 min read
27 May, 2021
One band of hackers alleged they had infiltrated a "gas system" in Israel but, in reality, had gained control of ventilation at a restaurant.
One band of hackers alleged they infiltrated a 'gas system' in Israel [Andia/Universal Images Group/Getty-file photo]

Iran-linked hacking efforts against Israel have had mixed results, based on recently released reports.

US-based cybersecurity outfit FireEye published research into crude offensives against industry and infrastructure systems in Israel on Tuesday.

It said groups with apparent "political" aims are often carrying out these types of digital activities.

FireEye identified cases where hackers' remarks show they either failed to fully comprehend the systems they attempted to infiltrate or wanted to generate infamy.

One band of hackers said they had performed an attack in Israel, hitting back over a gas explosion near a missile facility in June 2020.

Figures within both Israel and the United States' intelligence apparatus denied involvement at the time, according to The New York Times.

The hackers said they had infiltrated a "gas system" in Israel, which FireEye revealed was, in reality, controlling ventilation at a restaurant kitchen in the city of Ramat Hasharon, which neighbours Tel Aviv.

Collectives employing "anti-Israel/pro-Palestine rhetoric" online do appear to have infiltrated systems such as a "solar energy asset", though there was no mention of country of origin.

It is also unclear what the significance of these systems were.

Analysis
Live Story

The FireEye report came on the same day as another about a "threat group" named Agrius, released by SentinelOne, an Israeli digital security company.

SentinelOne said Agrius have been active in Israel since 2020.

The company said this began with spying activities, before Agrius moved to "wiper attacks".

"Wipers" are software that destroys or "wipes" the files and other data on a victim's system.

SentinelOne said it has "medium confidence" that Agrius is "of Iranian origin" due to factors including its use of this approach, which it claims is commonly used by Iranian groups.

Agrius reportedly uses a wiper called "Apostle", which it is believed to have developed itself.

This was not properly developed at first and so did not work.

Iran's proxies and allies in the Middle East
Click here to enlarge image

This caused the hackers to turn to DEADWOOD in its Israel offensive, another wiper that is suspected of ties to an Iranian group.

However, they have since fixed the problem and made Apostle work as ransomware, allowing it to hold files hostage.

SentinelOne argued, based on evidence, that this is being used "for its disruptive capabilities".

The organisation said a UAE "nation-owned critical infrastructure facility" was attacked with it.

The cyber efforts against Israel come amid what has been described as a "shadow war" between it and Iran.

Last July, the underground nuclear facility of Natanz sustained significant damage, with Tehran claiming Israel was behind this.