defence connect logo



Israeli government agencies face wave of ransomware attacks

A relatively new threat group has been targeting Israeli government agencies in recent days.

A relatively new threat group has been targeting Israeli government agencies in recent days.

The DarkBit hacking group, which first made an appearance in 2023, is infamous for targeting Israeli organisations and agencies and has continued to do so in recent days. It said on its X account that it is “against any kind of racism, fascism and apartheid”, adding the hashtag #HackForGood.

It was reported on 11 March by the VenariX threat feed that the group had hit a trio of government agencies – the Israel National Cyber Directorate, the Municipality of Tel Aviv-Yafo, and the Israel Ministry of Health‘s mental health division.


In all three instances, the threat group gained unauthorised access to the three agencies’ systems and posted news of the breaches on its Telegram.

“We hacked Israel National Cyber Directorate (INCD) or precisely ‘Israel National Centre of Dummies’ – the centre for a bunch of idiots,” the group wrote.

“Our pioneer nation has the right to know who are in charge of their privacy, security and personal data. You should know the idiots who aren’t able to protect themselves.”

The group posted similar messages on Telegram for the other two breaches.

Based on the group’s messages, the attacks appear to be politically motivated, with attacks likely increasing as the war between Israel and Hamas/Palestine continues and Israel pushes further into Palestine.

“Do you think our city is ready for a big war?” the group wrote regarding the attack on the Municipality of Tel Aviv.

Additionally, in its announcement of the attack on the Israel Ministry of Health, the group made direct reference to the 7 October attacks and the war that followed it.

“Our society’s mental health is kidnapped by a stupid administration. A lot of nightmares came true, not only after October 7 but also after ignoring the people, the hostagers and their families and friends,” it said.

While it is unverified whether any data was stolen, DarkBit said in all three attacks that it had exfiltrated data from the three agencies.

While there is a political undertone behind DarkBit’s actions, its intentions are unclear, being a ransomware gang, a group that are usually after financial gain.

DarkBit first appeared in February 2023 after the Israel Institute of Technology – Technion was targeted by the threat group.

The hacker’s initial message was politically motivated but much less aggressive.

“We’re sorry to inform you that we’ve had to hack Technion network completely and transfer ‘all’ data to our secure servers,” it wrote to the university.

“So, keep calm, take a breath and think about an apartheid regime that causes trouble here and there.”

It provided the university with instructions on how to pay and even ended the message with “good luck”.

You need to be a member to post comments. Become a member for free today!