Hackers claim to have breached Israeli nuclear facility’s computer network

An Iran-linked hacking group claims to have breached the computer network of a sensitive Israeli nuclear installation in an incident declared by the ‘Anonymous’ hackers as a protest against the war in Gaza.

The hackers claim to have stolen and published thousands of documents — including PDFs, emails, and PowerPoint slides — from the Shimon Peres Negev Nuclear Research Center. The secretive facility, which houses a nuclear reactor linked to Israel’s unavowed nuclear weapons program, has historically been targeted by Hamas rockets.

In a social media message explaining their intentions, the group claimed “as we are not as like as the bloodthirsty Netanyahu and his terrorist army we carried out the operation in such a way that no civilians were harmed.”

Despite this statement, in another a social media message the group said it did “not intend to have a nuclear explosion but this operation is dangerous, and anyhting might happen,” alongside an animated video depicting a nuclear detonation and a call for the evacuations of the nearby city of Dimona and the town of Yeruham.

While the documents that have been released potentially suggest the hackers were able to compromise an IT network connected to the facility, there is no evidence they have been able to breach its operational technology (OT) network. Even in the case they did, nuclear facilities have numerous failsafe systems in place to prevent dangerous incidents.

The Israeli embassy in London did not respond to a request for comment about the incident.

Gil Messing, the chief of staff at Israeli cybersecurity company Checkpoint, told Recorded Future News his company was aware of the Anonymous group which was established with its own Twitter and Telegram accounts around the start of the country’s war on Hamas in Gaza.

Checkpoint has mostly observed the hackers echoing attacks carried out by Iranian groups, with Messing suggesting that these might all be the same groups operating under different names.

The Iranian Ministry of Foreign Affairs did not respond to a request for comment.

“So far, some of these attacks were bogus, some genuine, so regarding this specific one it’s hard to say if it’s genuine,” said Messing.

As Messing previously told Recorded Future News, the country’s cybersecurity companies have been closely monitoring Iranian state-backed hackers since the war in Gaza began last October. Iran is a supporter of the Palestinian group Hamas.

Cyberattacks against Israel and its allies have been “relentless” since the war began, he said. Threat actors have been behind enormous data dumps, broken into government computer systems, hacked into Israeli security cameras, stepped up disinformation campaigns and targeted industrial control systems halfway across the world.

In this incident, he added that Checkpoint has analyzed documents which the hackers released. “We can say that they are mostly not very sensitive (mostly around emails, names, vendors they work with) but could be sensitive for future attacks like phishing and others.”

Messing stressed that the documents were not evidence the hackers had control over any of the facility’s operational systems.