Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
Title:
2022_019
Political Hacker group publishes port restricted CCTV footage
Day Month Year Country Activity Incident Type
23 February 2022 Israel Port Data leak

Summary

The victims, two major ports, Ashdod and Haifa, were targeted by Iran's Islamic Revolutionary Guard Corps (IRGC) during an attack. The attacker broadcasted videos captured from security cameras at these sites. Along with the footage, which depicted entry gates, office settings, and workers, the IRGC also released personal details, identification documents, and other sensitive information about hundreds of port staff on its Telegram app channel.

According to sources, Iranian hackers affiliated with the IRGC claimed responsibility for the data acquisition. However, representatives from both Israeli ports have countered these claims, emphasizing that the displayed footage and data were not directly extracted from their security apparatus. Instead, they believe the information was sourced from a third-party company that previously managed camera operations at the ports. They further underscored that the showcased videos were outdated. How the hackers obtained detailed information about the port employees remains unclear.

This attack follows an alleged cyberattack on Iran's Shahid Rajaee port, purportedly initiated by Israel, sources report, on May 9, 2020.

Victim

Haifa and Ashdod ports

Claimed/Reported Threat Actor

Iran

Origin

Political

Main impact

Confidentiality

References

  1. https://english.iswnews.com/22922/israel-the-ports-of-haifa-and-ashdod-were-hacked-video-and-files/
  2. https://www.middleeastmonitor.com/20220224-iran-hacks-cctv-at-israels-haifa-ashdod-ports/
  3. https://www.timesofisrael.com/iranian-hackers-publish-cctv-footage-workers-details-from-haifa-ashdod-ports/

Recommendations to Port to reduce Data leak risks:

  • Ensure data encryption measures are in place to protect sensitive information.
  • Implement access controls to limit data access to authorized personnel only.
  • Regularly audit and monitor data access and transmission for potential leaks, for instance via Security Operation Center services.
  • Check and test all communication and customers and third parties-focused plans.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.