Iran reportedly launched a cyberattack against Israel’s “water infrastructure” last month and used American servers in the attempt.
The attack is believed to have been carried out in late April and was routed through servers in the United States. A senior official with the U.S. Department of Energy told Fox News this week that President Trump’s administration works to protect allies from attacks but would not elaborate on the reported breach.
According to Israeli news organization Ynet, there was a two-day incursion against the Israeli Water Authority beginning on April 24, but it is unclear whether at any point the attackers managed to wrest control of pump operations. An internal memo sent by the authority reportedly urged personnel to change the passwords to the facility systems.
“We have received a number of reports regarding a cyberattack on the … systems. No damage was reported during the incident,” Daniel Lacker, the head of the authority’s security department, told Avi Azar, who leads the cyber department.
A senior administration official told the Washington Examiner that the U.S. has been at “the forefront” of efforts to define a global consensus about how countries should operate in cyberspace and has worked “to hold nefarious cyber actors accountable.”
“We are increasingly able to demonstrate that there are consequences for irresponsible behavior in cyberspace and that all instruments of national power are available to prevent, respond to, and deter malicious cyber activity all around the world,” the official said.
The reported attack came at the height of the coronavirus pandemic, which has sickened more than 16,000 in Israel and killed at least 239 people.
Iran has been one of the hardest-hit countries from the virus, with its regime reporting more than 100,000 cases and almost 6,500 deaths. The country’s claims have been highly disputed, with a leading Iranian dissident group claiming in a Thursday email to the Washington Examiner that it has tallied almost 40,000 deaths in the country since the pandemic began. Late last month, the regime arrested 3,600 people for “spreading rumors about coronavirus.”
The U.S. Department of Homeland Security issued an intelligence bulletin in January warning of the threat from Iranian cyberattacks to law enforcement agencies across the country.
When contact by the Washington Examiner, a spokesperson with the State Department said that the department “will not speculate on the actor behind the reported cyberattacks against the Israeli water sector.”
“The United States has zero tolerance for malicious cyberactivity that impairs the response to this global pandemic,” the spokesperson said. “The United States promotes a framework of responsible state behavior in cyberspace, including nonbinding norms regarding states refraining from cyberactivities that intentionally damage critical infrastructure and knowingly allowing their territory to be used for malicious cyberactivities. When states do not abide by this framework, we hold them accountable.”
