Iran is being linked to an attempted cyberattack last month that authorities believe was aimed at disrupting water supplies in at least two locations in Israel as that country was seeking to contain a covid-19 outbreak, according to foreign intelligence officials familiar with the matter.
The incident, which occurred on April 24 and 25, was quickly detected and thwarted before it could cause damage. But Israeli officials and analysts fear it could signal a further escalation in hostilities between the two countries and that Iran is getting bolder in its efforts to sabotage key systems.
“Cyberattacks that intentionally damage critical infrastructure shouldn’t be condoned,” said a senior Trump administration official, who declined to discuss any specific incident and who, like others, spoke on the condition of anonymity because of the topic’s sensitivity. “We think they’re very destabilizing.”
The hackers sought to cripple computers that control water flow and wastewater treatment for a pair of rural districts in Israel, according to two officials of a foreign government that monitored the attack in real time.
Investigators found that the hackers routed their attempted attack through computer servers in the United States and Europe – a common tactic used by adversaries of the West.
Officials at the White House, National Security Agency and multiple other agencies declined to comment.
The alleged Iranian link to the attack was first reported by Fox News. Spokesmen for the Israeli government and Israel Defense Forces would neither confirm nor deny the report. An Iranian official denied that his country was involved in that attack. “The Iranian government does not engage in cyberwarfare,” said Alireza Miryousefi, spokesman for Iran’s Mission to the United Nations in New York.
The foreign intelligence officials described the attack as coordinated, but not particularly sophisticated. The intruders targeted “programmable logic” controllers that operate valves for water distribution networks. The two affected districts serve a variety of residential, medical and commercial customers, providing fresh water as well as wastewater removal and treatment. At the time, much of the population was under lockdown because of the pandemic.
The attack was initially detected by employees of the Israel Water Authority, who alerted Israel’s cybersecurity agency. Israeli government officials said the attack was quickly detected and defeated, causing no damage or harm to water supplies. Employees were instructed to change operational system passwords, the officials said.
If Iran’s involvement is verified, it would not be the first time Tehran has been linked to cyberattacks against Israel and other Middle East adversaries. Saudi Arabia blamed Iran for a 2012 cyberattack that knocked out computers for the oil giant Saudi Aramco, though not its operational systems.
In January, Prime Minister Benjamin Netanyahu said Israeli security officials are constantly detecting and foiling Iranian attempts to penetrate the country’s computer networks.
“Israel has been a priority target for Iran for years,” said John Hultquist, director of intelligence analysis for FireEye, a U.S. cybersecurity firm.
Israel has engaged in cyber-sabotage against Iran as well. U.S. and Israeli intelligence agencies created the computer worm called Stuxnet, which crippled 1,000 centrifuge machines made by Iran to enrich uranium. Neither country has officially confirmed its role. U.S. officials believe the attack, discovered in 2010, set back Iran’s nuclear program by months.
Iran to date has not successfully carried out a cyberattack sabotaging industrial equipment. Iranian hackers penetrated controllers at a small dam in New York in 2013, but did no damage. They have also gained access to U.S. electric systems, but have not caused disruptions.
“The fact is they’re getting more aggressive,” said Robert Lee, a former NSA operator who co-founded Dragos, a cybersecurity firm specializing in defending industrial control systems. “And they’re getting better. The public should not freak out, because the asset owners are taking steps to shore up their systems, but they must do more.”