Expected increase in cyberattacks on Israeli sites this Friday for Iran’s annual Quds (Jerusalem) Day, warns Israel National Cyber Directorate

Israel’s National Cyber Directorate warned Sunday against cyberattacks by Iran and other actors on Iran’s Quds Day (Jerusalem Day), which is held annually on the last Friday of Ramadan. This year, Quds Day falls on April 29. 

In 1979, the year of the Iranian Islamic Revolution, the new Iranian regime established Quds Day as an annual anti-Israeli event, during which Israel is typically widely denounced and lambasted. The day is usually marked by mass rallies and demonstrations in which Israeli and American flags are burned to the accompaniment of chants, such as “Death to America” and “Death to Israel.”

For the last two years, however, the Iranian regime has had to cancel the rallies because of the coronavirus pandemic. The Iranian leadership considers Quds Day to be a “religious and human duty of freedom fighters around the world,” and it is upheld not only in Iran but also across the Muslim world and in some Western capitals. In Berlin, for instance, Quds Day has been a recurring tradition since 1996, but the event was banned for the first time in 2021. 

“Israel is not a country, but a terrorist base against the nation of Palestine and other Muslim nations,” Iran’s supreme leader, Ayatollah Ali Khamenei, said in his live, televised remarks on Quds Day last year. “Fighting this despotic regime… is everyone’s duty.”

Israel’s National Cyber Directorate expects this year’s Quds Day hacking campaign against Israeli websites – coordinated around the world by anti-Israel hackers under the banner “#OPJerusalem” – to take place on or around April 29. Attacks have already been increasing over the past month and, last week, a group of Iraqi pro-Iranian hackers claimed responsibility for an attack that temporarily took down the Israel Airport Authority’s website. That attack was meant to coincide with the two-year anniversary of the assassination of Quds Force Chief Qassem Soleimani by the United States and targeted dozens of other Israeli sites, including the Channel 9 news site. 

“The goal is to sow panic and generate alarm. But we know from past years that [these types of attacks] are not very serious,” Einat Meyron, a cyber security consultant and cyber resilience expert told Times of Israel Sunday about the “#OPJerusalem campaign, adding that attackers typically “try to deface websites where they gain access, erase the homepage and replace it with pro-Palestinian messages.”

Sometimes, however, defacement is used to conceal more serious attempts at doing damage. “There are situations where defacement is used as a smoke-screen to hide a more serious attack, so it’s good to be aware of the possibility,” Meyron warned.

Meyron advised that citizens and organizations can do a lot to protect themselves against potential hacking, including keeping software updated and asking hosting companies to change passwords. “These are all very simple, very basic things that people can do to secure their sites,” she said. “Of course, systems like hospitals will likely have additional layers of protection than, say, a site that sells balloons for Yom Ha’atzmaut [Independence Day], but these are some simple precautions.”

Iran has committed numerous cyberattacks against Israel in recent years. In April 2020, Iran targeted Israel’s water supply, reportedly aiming to increase chlorine levels in the water of Israeli residents and possibly also mix in other chemicals. “If the bad guys had succeeded in their plot we would now be facing, in the middle of the corona crisis, very big damage to the civilian population and a lack of water and even worse than that,” Yigal Unna, of the National Cyber Directorate said at the time without directly mentioning Iran. One unnamed Western intelligence official said that the attack had been “close to successful, and it’s not fully clear why it didn’t succeed.”