“Cyberattacks that intentionally damage critical infrastructure shouldn’t be condoned,” said a senior Trump administration official, who declined to discuss any specific incident and who, like others, spoke on the condition of anonymity because of the topic’s sensitivity. “We think they’re very destabilizing.”
The hackers sought to cripple computers that control water flow and wastewater treatment for a pair of rural districts in Israel, according to two officials of a foreign government that monitored the attack in real time.
Investigators found that the hackers routed their attempted attack through computer servers in the United States and Europe — a common tactic used by adversaries of the West.
Officials at the White House, the National Security Agency and multiple other agencies declined to comment.
The alleged Iranian link to the attack was first reported by Fox News. Spokesmen for the Israeli government and the Israel Defense Forces would neither confirm nor deny the report. An Iranian official denied that his country was involved in the attack. “The Iranian government does not engage in cyberwarfare,” said Alireza Miryousefi, spokesman for Iran’s Mission to the United Nations in New York.
The foreign intelligence officials described the attack as coordinated, but not particularly sophisticated. The intruders targeted “programmable logic controllers” that operate valves for water distribution networks. The two affected districts serve a variety of residential, medical and commercial customers, providing fresh water as well as wastewater removal and treatment. At the time, much of the population was under lockdown because of the pandemic.
The attack was initially detected by employees of the Israel Water Authority, who alerted Israel’s cybersecurity agency. Israeli government officials said the attack was quickly detected and defeated, causing no damage or harm to water supplies. Employees were instructed to change operational system passwords, the officials said.
If Iran’s involvement is verified, it would not be the first time Tehran has been linked to cyberattacks against Israel and other Middle East adversaries. Saudi Arabia blamed Iran for a 2012 cyberattack that knocked out computers for the oil giant Saudi Aramco, though not its operational systems.
In January, Prime Minister Benjamin Netanyahu said Israeli security officials are constantly detecting and foiling Iranian attempts to penetrate the country’s computer networks. “Israel has been a priority target for Iran for years,” said John Hultquist, director of intelligence analysis for FireEye, a U.S. cybersecurity firm.
Israel has engaged in cyber-sabotage against Iran as well. U.S. and Israeli intelligence agencies created the computer worm called Stuxnet, which crippled 1,000 centrifuge machines made by Iran to enrich uranium. Neither country has officially confirmed its role. U.S. officials believe the attack, discovered in 2010, set back Iran’s nuclear program by months.
Iran to date has not successfully carried out a cyberattack sabotaging industrial equipment. Iranian hackers penetrated controllers at a small dam in New York in 2013, but did no damage. They have also gained access to U.S. electrical systems, but have not caused disruptions.
“The fact is they’re getting more aggressive,” said Robert M. Lee, a former NSA operator who co-founded Dragos, a cybersecurity firm specializing in defending industrial control systems. “And they’re getting better. The public should not freak out, because the asset owners are taking steps to shore up their systems, but they must do more.”
Steve Hendrix in Jerusalem and Souad Mekhennet in Washington contributed to this report.