Full Report
Kosher Israeli internet provider, Internet Rimon, which provides Internet filtering services for the religious and haredi sectors, was hacked by an Iranian cyberattack group. Moshe Lampert reports: On Saturday night Iranian hackers, known as the “Promised Revenge,” hacked the Rimon Internet Provider, which provides Internet filtering services for the religious and haredi sectors. The incident...
Analysis Summary
# Incident Report: Cyberattack on Israeli Kosher Internet Provider
## Executive Summary
An Iranian cyberattack group, "Promised Revenge," targeted Rimon Internet Provider, an Israeli ISP that provides filtering services mainly to the religious and Haredi sectors. The attack began on August 23, 2025, and caused significant service disruptions, leaving customers partially or completely disconnected. The company took immediate action to block the attack, followed by extensive work by its internal teams and external Israeli cybersecurity entities, after which customers began to be reconnected.
## Incident Details
- Discovery Date: August 23, 2025 (Disruptions reported starting around 11:30 p.m. local time)
- Incident Date: August 23, 2025 (Began around 11:30 p.m.)
- Affected Organization: Rimon Internet Provider
- Sector: Internet Service Provider (Specializing in filtered/kosher internet)
- Geography: Israel
## Timeline of Events
### Initial Access
- Date/Time: August 23, 2025, 11:30 p.m. (Approximate start of reported impact)
- Vector: Likely a Denial of Service (DoS) or network disruption attack orchestrated by the threat actor.
- Details: The attack led to severe disruptions, including partial or complete customer disconnection from the network.
### Lateral Movement
- *Not explicitly detailed in the source material, but the impact suggests a network-level disruption aimed at availability rather than data theft.*
### Data Exfiltration/Impact
- Impact: Severe service disruption and unavailability for customers.
### Detection & Response
- Detection: Detected on August 23, 2025 ("Immediately upon discovery of the incident").
- Response actions taken: Immediate action taken to block the attack, followed by extensive activity by the company’s technology teams and other leading entities in Israel to restore service.
## Attack Methodology
- Initial Access: Technique *not detailed*; the attack is attributed to a hostile entity, the Iranian cyberattack group "Promised Revenge."
- Persistence: *Not detailed/Applicable if purely a disruptive attack.*
- Privilege Escalation: *Not detailed.*
- Defense Evasion: *Not detailed.*
- Credential Access: *Not detailed.*
- Discovery: *Not detailed.*
- Lateral Movement: *Not detailed.*
- Collection: *Not detailed.*
- Exfiltration: *Not detailed.*
- Impact: Denial of Service/Service Disruption.
## Impact Assessment
- Financial: *Not disclosed.*
- Data Breach: *No data breach/exfiltration was reported; the attack was focused on service availability.*
- Operational: Significant operational downtime and service interruption for Rimon's customer base.
- Reputational: Potential reputational impact due to widespread service outages.
## Indicators of Compromise
- *No specific network or file IoCs were provided in the article.*
- Behavioral indicators: Network service degradation/outage following the reported attack time.
## Response Actions
- Containment measures: Immediate action taken to block the attack.
- Eradication steps: Ongoing work by internal teams and external security entities.
- Recovery actions: Customers were in the process of being reconnected to the service following remediation efforts.
## Lessons Learned
- Key takeaways: Providers servicing critical or niche sectors remain high-value targets for politically motivated threat actors.
- What could have been done better: *Not explicitly stated, but underscores the need for robust DDoS mitigation capabilities.*
## Recommendations
- Prevention measures for similar incidents: Enhancement of external network defenses specifically against large-scale denial of service attacks targeting critical infrastructure components.
- Regular review and testing of incident response plans for service disruption scenarios.