Leading Israeli research institute falls prey to cyberattack

In ransom note littered with anti-Israel rhetoric, hackers threaten to leak Technion’s data online if demands not met within five days
Roei Hahn, Yuval Mann|
Computer servers at the Technion Institute of Technology in Haifa were targeted by a cyberattack overnight Sunday, a spokesperson for the university confirmed in a statement.
  • Follow Ynetnews on Facebook and Twitter

  • According to the statement, all of the university's computer systems have been disconnected deliberately until a probe sheds light on the extent and intent behind the attack.
    3 View gallery
    (Photo: Shutterstock)
    While the academic institute did not divulge information about the nature of the attack, in an email that reached Ynet and was allegedly sent by the group – going by the name Darkbit, hackers demanded that Technion pay 80 bitcoin, or about $1,750,000, in ransom.
    The hacker group threatened to increase the requested sum by 30% if their demands are not met within 48 hours, and put all of the university's data up for sale on the web after five days.
    Despite the attack, classes at the Technion took place as usual on Sunday, with students being asked to disconnect their personal computers from the local network and minimize email traffic until further notice.
    Cybersecurity experts recommend against paying ransom for two reasons: firstly, there is no guarantee the attackers will keep their word and return the stolen information, and secondly, paying ransom encourages hackers to continue targeting other companies and organizations.
    3 View gallery
    הודעת הכופר ששלחו התוקפים
    הודעת הכופר ששלחו התוקפים
    Ransom note sent after the attack
    (Photo: Ynet)
    The wording of the email that followed the attack is littered with anti-Israeli rhetoric, which suggests the attack was motivated by ideological reasons, and not greed.
    "We regret to inform you that we’ve had to hack Technion network completely and transfer ‘all’ data to our secure servers," the attackers wrote in the email, "Keep calm, take a breath and think about an apartheid regime that causes troubles here and there. They should pay for their lies and crimes, their names and shames.”
    “They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians’ bodies, but also Israelis’ souls) and destroying the future and all dreams we had. They should pay for firing high-skilled experts," the mail read.
    Alex Steinberg, a product manager at cybersecurity firm ESET, explained that "the motivation to steal information from the institute could stem from a number of reasons. Firstly, countries like Iran, China, and Russia, could benefit greatly from the information. Additionally, they may want to steal the information to sell it for a profit.”
    “In the ransom note, it seems that the attackers are demanding a monetary sum, but it could be a façade for other purposes,” Steinberg added. “Some sources indicate that security and private entities in Israel are requesting to conduct in the Technion research whose results are not intended for publication. Hopefully, sensitive information didn’t leak as a result of the attack."
    3 View gallery
    האקר האקרים מתקפת סייבר אילוסטרציה
    האקר האקרים מתקפת סייבר אילוסטרציה
    (Photo: Reuters)
    This isn’t the first attack targeting an academic institute in Israel. In 2021, Bar-Ilan University also fell prey to a ransomware attack in which hackers demanded around $2.5 million.
    The university refused to pay the sum, resulting in the hackers leaking hundreds of thousands of personal records of students and academic faculty. The cyberattack was reportedly carried out by an Iran-linked hacker group known as Agrius.
    According to data from cybersecurity firm Checkpoint, Israeli educational institutions are targeted by hackers 3,383 times per week on average, twice as often as other organizations.
    The company explained that educational organizations are a preferred target for hackers due to the valuable personal data they hold and relatively scant investment in cybersecurity.
    The commenter agrees to the privacy policy of Ynet News and agrees not to submit comments that violate the terms of use, including incitement, libel and expressions that exceed the accepted norms of freedom of speech.