Ministry of Health website was attacked by pro Iranian-Iraqi hacker group "AlTahrea"

The Ministry of Health website was attacked Sunday evening by the pro-Iranian Iraqi hacker group AlTahrea. The hackers published the attack on their telegram channel and included ridicule in their message as defiance of Israel. This is the same group that was responsible for shutting down the sites of the Jerusalem and Tel Aviv municipalities in the past two weeks and also tried to attack the Rafael company website and probably other sites of small tourism and retail companies.
The group uses denial of service attacks - that is, sending a massive amount of login requests to the site it is attacking. According to Imperva researchers, this is a distributed infrastructure consisting of a large number of "zombie" computers that have been infected with malware that allows hackers to control them remotely, sometimes even without the knowledge of their owners. These are operated by the remote group. It is not clear if the infrastructure is theirs or they are renting it from criminal hackers.
According to a spokeswoman for the Ministry of Health, the ministry's website is not available to surfers from abroad, apparently due to the blocking of traffic from outside the country. However, the site is available and was also available through the gov.il portal during the attack - according to our review. However, this is still a rather embarrassing operation for the government computer system - government available. The group's hackers have been using the same method for several months, and still manage to disable access to government or institutional sites time and time again.
These are probably image operations, but according to cyber experts with whom we spoke to the group more sophisticated capabilities than those it has revealed during recent attacks. She attributes her attacks as an act of revenge for the killing of Qassem Suleimani, a senior member of the Iranian Revolutionary Guards, who acted mainly against Israel and was killed during an operation attributed to the US administration. However, it is not clear whether the hackers themselves are Tehran emissaries or simply Shiite activists trying to carry out independent actions to glorify the Islamic regime of Iran.
In the group's last post published in their telegram, they refer to the martyr Abu Saif al-Arawi, a man who was one of the commanders of the Sayyid al-Shuhda battalions who was killed in the "containment battles" in Iraq against ISIS in 2015. This battalion is part of the Iranian militias in Iraq, which Suleimani commanded. The group is proud of its Iraqi origins in quite a few of its publications, and it should be mentioned that Iraq is still one of the countries where there is a very large Shiite population.
The group's actions are always carried out at some political or media time. For example, the attack on the Jerusalem Municipality website was carried out at the same time as US President Joe Biden's visit to the city a few days ago. ''and.
The group identifies with the Russian axis and uses the Putin regime's rhetoric against Ukraine - which will raise the question of whether it is a group close to Russia as well. In an interview with Cyberzone's cyber-terrorism expert, he explained that Russia is providing Iranian or pro-Iranian hackers with the infrastructure to carry out attacks without attribution for propaganda purposes.
However, there is a great deal of misinformation in these assaults. For example, the hackers also took responsibility for the burning of the Orot Yosef power plant in the Negev area a few days ago, an incident that turned out to be unrelated to their activities later on.
Nadav Avital, head of the research group at the imperva company, explained to us that the company found that the same group had infrastructure that was reused. This is a distributed infrastructure around the world, which can make it difficult to stop the attacks. Denial of service attacks are very easy to use, and can still damage image without the need for special effort.