Israel Power Grid Not Hit in Electricity Authority Incident: Report

An official revealed that Israel’s Electricity Authority was targeted in a cyberattack, but experts said it was just a ransomware infection that has not impacted the country’s power grid.

Israel’s Minister of National Infrastructure, Energy, and Water Yuval Steinitz told attendees of the Cybertech 2016 conference in Tel Aviv earlier this week that the country’s Electricity Authority had been hit by a “severe cyberattack.”

According to The Times of Israel, Steinitz said the Electricity Authority identified a “virus” and was working on neutralizing it, and that many of the organization’s computers had been “paralyzed.”

“This is a fresh example of the sensitivity of infrastructure to cyberattacks, and the importance of preparing ourselves in order to defend ourselves against such attacks,” Steinitz said.

Some Israeli publications even quoted Steinitz saying that this was one of the largest cyberattacks his ministry has dealt with and that portions of the power grid were shut down while authorities responded to the incident. Major news sites later updated their initial articles and removed sections about parts of the power grid being shut down during incident response.

The Electricity Authority incident in Israel comes just months after the country’s National Cyber Authority warned of the threat of a massive cyberattack.

While Steinitz’s statement led many to believe that this might have been a sophisticated cyberattack specifically aimed at the Electricity Authority, later reports indicated that the virus was actually a piece of ransomware delivered via phishing emails to the organization’s network.

An Israel-based expert told SecurityWeek that the incident appears to involve CryptoLocker ransomware infections on some of the organization’s workstations. The Electricity Authority is tasked with setting tariffs, regulation and oversight, and its networks are not connected to the Electric Corporation or electricity manufacturers.

“The Israel Electric Authority the Minister mentioned is in no way related to the networks of the Israeli electric companies, transmission, or distribution sites. The Israeli Electric Authority is a regulatory body of roughly 30 individuals and this ‘cyber attack’ is only referencing their networks,” Robert Lee, CEO and founder of Dragos Security, explained in a blog post.

Based on newer reports surrounding the incident, Lee believes that only the regulatory body’s office network has been impacted, and the incident has in no way endangered critical infrastructure.

Exaggerated Claims

It’s not uncommon for officials to exaggerate the impact of a cyber threat and their statements are sometimes based on or supported by questionable reports released by security firms. For example, in April 2015, experts accused threat intelligence company Norse and the American Enterprise Institute (AEI) of fearmongering after they published a report on Iran’s cyber capabilities.

“AEI’s political agenda for this report was clearly the current multilateral agreement with Iran to curb its nuclear weapons program,” Jeffrey Carr, CEO of Taia Global, said at the time. “The report’s conclusion reiterates that sanctions against Iran must not be lifted as part of the nuclear framework agreement because of Iran’s role as a cyber threat actor. Bottom line – this report is all about politics, not cyber security.”

The Norse/AEI report was published after U.S. intelligence officials blamed Iran for DDoS attacks on United States banks, a malware attack on Saudi Arabian oil and gas company Saudi Aramco, and the hacker attacks on Las Vegas-based Sands Casino.

Cyberattacks Causing Power Grid Disruptions Are a Reality

While the incident in Israel might not have affected the country’s power grid, the recent attacks aimed at Ukraine’s energy sector have demonstrated that the threat posed by malicious cyber actors should be taken seriously.

Ukraine accused Russia in December of launching a cyberattack that resulted in power outages in some regions. Experts who analyzed the incident determined that while several pieces of malware were used by the attackers, they had not directly caused the outages and instead helped the adversary cover its tracks and make it more difficult to restore service.

Researchers said the actual power outages were likely a result of direct interaction by the attackers — they remotely gained access using a piece of malware and used that access to interact with the system (e.g. open breakers) and cause the disruption.

The Ukraine attacks involved Russia-linked BlackEnergy malware, a destructive plugin named “KillDisk,” and an SSH backdoor dubbed “Dropbear SSH.”

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
