Israeli cybersecurity firms say a hacker team that in the past worked with Iran’s Revolutionary Guards led a new campaign against Israeli targets called ‘Operation Quicksand’
Two Israeli cybersecurity firms said Thursday that they thwarted a large-scale, Iranian-linked hacker operation in September called Operation Quicksand, which targeted “prominent Israeli organizations.”
The alleged attack would seem to indicate a “new phase” in Iranian attacks against Israel, the firms said, adding that the tools used have previously been reserved for criminal operations – as opposed to destructive offensive cyberattacks by state actors like Iran.
The claims were made in a report by cyber firms Profero and ClearSky. Two independent experts who read the report confirmed that its findings are in line with what is known about Iranian-linked hacking operations. They said the incident may well be the latest in the covert cyber war between Israel and the Islamic Republic.
Both requested anonymity due to their ties to Israel’s defense establishment.
According to the report, a group of hackers was discovered to have sent malware to Israeli organizations last month. The hacker group, called MuddyWater, was previously exposed as a contractor for the Iranian Revolutionary Guard Corps, the report's authors wrote.
The Israel National Cyber Directorate refused to address the attackers’ identity but told Haaretz that the information revealed in the report “is known to us, and we’ve published a number of warnings about them in September.”
These warnings, they said, included cues that are unique to the attackers, which could allow potential victims to identify attempts on their systems.
What made the attack suspicious, Profero head Omri Segev Moyal told Haaretz, was that it appeared to function like a criminally driven ransom attack, but “the main goal was not to actually steal data but rather, to cause damage in Israeli targets.”
Data theft is often the key to ransom attacks, but in this case “the hackers wanted to cause damage and they only disguised it as ransomware,” Segev Moyal said.