Pro-Iranian hackers targeted livestreams on the websites of Israeli radio stations on Thursday night, as Iran and its proxies marked Quds Day.
A video replacing the livestreams showed the word “hacked” and a number of Israeli logos as the sound of a siren played followed by a recording in Arabic and a video of the Temple Mount and a rocket being fired.
The sites targeted included 100FM, 102.5FM, 91FM, Radio Sol and Hidabroot. The livestreams on the first four websites were not working as of the time of writing, while the livestream on the Hidabroot channel was working.
The hacker group behind this attack seems to be “Hackers of Savior,” the group that in May 2020 hacked the website of The Jerusalem Post and hundreds of other Israeli websites. In that attack, the group replaced the pages with an anti-Israel video and message in Hebrew and broken English: “The countdown of Israel destruction has begun since a long time ago [sic].”
A Telegram channel apparently associated with the group posted on Thursday night: “Now hear our voice from the Holy Quds, the capital of Palestine. On radio stations: 100 FM, 96, soel and …” The post was accompanied by the video that replaced the livestreams on the Israeli sites ending with the text “We will turn all of Palestine into hell for you.”
The group threatened that it would “unveil the next surprise in the next few hours” and claimed it had hacked other sites, although all the other sites listed as hacked were working without disruptions as of the time of writing.
The group additionally threatened to release the identification information of millions of Israeli citizens, including bank data and data from the Ashdod and Haifa ports. The data appeared to be fake as cities, not streets are listed under the street section of an image of the datatable shared by the group.
The National Cyber Directorate had warned on Sunday that it expected an increase in cyberattacks on Quds Day and at the end of Ramadan, with attackers operating under the title “#OPJerusalem.”
In May 2020, cybersecurity firm Check Point reported that the attack by Hackers of Savior was conducted by nine attackers who had been operating since April of that year. Their profiles seem to connect them to Turkey, North Africa and the Gaza Strip.