In March 2014, the Port of Haifa in Israel was targeted by a cyberattack attributed to Iranian hackers (IRGC-affiliated groups 'Iranian Saviours / Tunnel Vision'). The attack resulted in the leak of sensitive video footage from security cameras, exposing access gates, office workstations, and employees at their desks. Additionally, personal details and identification documents of hundreds of port workers were published by the attackers. The incident was part of a retaliatory 'shadow war' following a prior cyberattack on an Iranian port. While the exact attack vector remains unclear, the breach compromised employee data and operational security, raising concerns about espionage and potential escalation in cyber warfare between the involved nations. The leaked information included identifiable records, posing risks of identity theft, reputational damage, and operational vulnerabilities for the port authority.
TPRM report: https://www.rankiteo.com/company/haifa-port
"id": "hai531092125",
"linkid": "haifa-port",
"type": "Cyber Attack",
"date": "3/2014",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'transportation/logistics',
'location': 'Haifa, Israel',
'name': 'Port of Haifa',
'type': 'maritime port'},
{'industry': 'transportation/logistics',
'location': 'Ashdod, Israel',
'name': 'Port of Ashdod',
'type': 'maritime port'}],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['video files',
'document files (likely PDFs or '
'images)'],
'number_of_records_exposed': 'hundreds',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes PII and ID documents)',
'type_of_data_compromised': ['video surveillance footage',
'personal identifiable '
'information (PII)',
'employee records',
'identification documents']},
'date_detected': '2014-03',
'description': 'In March 2014, the ports of Haifa and Ashdod, Israel, were '
'targeted in a cyberattack attributed to Iranian hackers '
"('Iranian Saviours / Tunnel Vision' or IRGC). The attack was "
"part of a 'shadow war' in retaliation for a prior cyberattack "
'on an Iranian port. The incident resulted in the leakage of '
'video footage from security cameras (showing access gates and '
'office workers) and a file containing personal details and '
'identification papers of hundreds of port workers. The exact '
'attack pattern and post-incident measures remain unclear.',
'impact': {'brand_reputation_impact': 'potential damage due to exposure of '
'sensitive worker data',
'data_compromised': ['video footage (security cameras, office '
'workers)',
'personal details of workers',
'identification papers',
'employee records (hundreds of workers)'],
'identity_theft_risk': 'high (personal details and ID papers '
'exposed)',
'systems_affected': ['security camera systems',
'potential internal networks (unconfirmed)']},
'initial_access_broker': {'high_value_targets': ['security camera systems',
'employee databases']},
'investigation_status': 'unclear (attack pattern and response measures not '
'publicly detailed)',
'motivation': ['retaliation', 'geopolitical conflict', 'shadow war'],
'ransomware': {'data_exfiltration': True},
'threat_actor': ['Iranian Saviours',
'Tunnel Vision',
'IRGC (Islamic Revolutionary Guard Corps)'],
'title': 'Cyberattack on the Ports of Haifa and Ashdod, Israel (2014)',
'type': ['cyberattack', 'data breach', 'espionage']}