A number of Israeli websites were hacked in a massive, coordinated cyber attack this morning, according to the Israel National Cyber Directorate which is monitoring the breach.
The attack appears to have been launched by a group calling itself the Hackers of Saviors, according to a video broadcast on the hacked sites showing a simulation of bombings across Israeli cities as well as a number of messages threatening the destruction of the country.
The video starts with the message “Be ready for a big surprise,” and ends with “Israel will not see the next 25 years.”
The directorate recommended users avoid clicking on any links on the affected sites which included some local authorities and NGOs, an internal page of the emergency service United Hatzalah, the official site of Meretz leader Nitzan Horovitz and food chains such as Cofix and Aroma.
A majority of the sites hit in the attack were hosted by a single company, Upress, which said it was working to fix the breach.
“We have identified a security flaw in the WordPress plug-in that led to the hacking, we are working with the state’s cyber authority, and conducting a security investigation while handling the [affacted] sites,” Upress said in a post this morning. Upress said the sites and the data were backed up.
The National Cyber Directorate said the “surface-level attack” was launched through a single company that hosts all the sites,” without naming the company.
Sign up for our free weekly newsletterSubscribe
Einat Meyron, an Israeli cyber resilience expert, blasted the hosting company on her LinkedIn page, saying such hacks “exploit a weakness that could have been solved years ago.”
“Hosting companies cannot continue to work with default passwords and without WAF (web application firewall). It also cannot be that anyone who has spent valuable time building a website and writing content doesn’t spend 5 minutes to ask themselves ‘how is my site protected?'”
Meyron said attackers seek to breach a number of sites through a single access point, often through commonly-used passwords. She urged site owners to check their level of protection with third-party providers.
The source of the attack was not known, though Hebrew-language news sites attributed the breach to Iranian hackers.
It came after Israel was linked to a cyber attack earlier this month at Iran’s Shahid Rajaee port that caused massive disruptions on waterways and roads leading to the facility, according to a Washington Post report.
The attack also came a day ahead of Quds Day, an annual event held on the last Friday of Ramadan initiated in 1979 by the Islamic Republic of Iran. The head of threat intelligence at Israeli cyber giant Check Point told the Kan news broadcaster that Quds Day often seen increased activity by hackers based in the Muslim world.