Iran and Hezbollah were identified as the entities behind an attempted cyberattack on Ziv Medical Center during the ongoing war with Hamas, which began on October 7 following Hamas' brutal attack on Israel.
The cyberattack, orchestrated by Iran with the involvement of the Hezbollah terror group, aimed to disrupt the hospital's operations but ultimately failed.
Following a joint investigation by the Israel National Cyber Directorate, the IDF, and the Israeli Security Agency, it was revealed that the cyber group affiliated with the Iranian Ministry of Intelligence, with the involvement of Hezbollah cyber unit, attempted to launch a cyberattack on Ziv Medical Center about three weeks ago.
Through coordinated efforts involving the Israel National Cyber Directorate, the IDF, the Israeli Security Agency, the Health Ministry, and the hospital, the attack was thwarted before it could successfully disrupt hospital operations and impact citizens' medical treatment. However, the attackers managed to steal sensitive data stored in the hospital's systems.
The investigation brought to light that the cyberattack group, named AGRIUS and affiliated with the Iranian Ministry of Intelligence, attempted in late November 2023 to carry out a cyberattack on Ziv Medical Center in northern Israel, with the aim of disrupting its ongoing functions amid the ongoing war. The attack was executed by the Iranian Ministry of Intelligence with the involvement of Hezbollah’s "Lebanese Cedar" cyber units under the leadership of Mohammad Ali Merhi.
Despite the attackers' attempt to extract data from the hospital, the swift intervention prevented any harm to the hospital's functioning and potential humanitarian impact on citizens. Nevertheless, the attackers succeeded in extracting some data, which they began publishing online. In joint efforts with the State Prosecutor's office to protect patients' privacy, channels containing sensitive data were promptly removed.