A wave of cyberattacks targeting Israeli companies that provide IT services to businesses across the country, possibly connected to Iran, has been identified, the National Cyber Directorate said on Wednesday.
The unsuccessful cyberattack targeting Shamir Medical Center on Yom Kippur earlier this month, which leaked emails containing sensitive patient information, was deemed by the directorate to be an Iranian attempt to disrupt the hospital's functions.
Luckily, the attack was contained before the hospital’s central medical record system could be compromised.
Most cyberattacks failed, only leaked data
According to the directorate's investigation, the hackers used stolen information to gain access to the targeted systems. While most incidents did not cause any operational disruption, some did cause data leaks.
“Thanks to quick communications and a hasty, focused response, the incidents were contained quickly and efficiently, preventing broader harm to the economy,” said Yossi Karadi, head of the National Cyber Directorate.
“In the case of Shamir Medical Center, beyond the data leak, the very attempt to harm a hospital in Israel is a red line that could have endangered lives.”
The directorate urged the public to operate with a higher level of awareness and caution, and to immediately report suspicious activity.
European group claimed responsibility
Initially, a ransomware group from Eastern Europe claimed responsibility, posting an extortion demand with a 72-hour deadline. However, Israeli authorities later determined that Iranian actors orchestrated the operation.
Officials said the incident was linked to a larger campaign targeting Israeli companies and critical service providers in recent weeks. More than ten private firms have faced cyberattacks, often exploiting vulnerabilities in digital service providers within supply chains.
Since the start of 2025, Israel has thwarted dozens of Iranian cyberattacks targeting prominent civilians, including security officials, politicians, academics, journalists, and media professionals. The Shin Bet security agency said these operations aim to collect sensitive personal data that could later be used in physical attacks within Israel, potentially carried out by locally recruited operatives.
Dr. Itay Gal and Pesach Benson/TPS contributed to this report.