The Israel National Cyber Directorate (INCD) announced on March 7, 2023, that the Iran-linked threat group MuddyWater is behind the attack on the Technion, a prestigious Israeli research and tech university in Haifa.

The attack occurred last month and resulted in the shutting down of Technion’s servers. The hackers, calling themselves Darkbit, requested 80 bitcoin as ransomware (approximately NIS 6 million).

In the ransomware note, they said they chose Israel as a target because of its “apartheid policy,” stating that “the apartheid regime is required to pay for its lies and crimes, as well as for the occupations and war crimes, and for killing people – not only Palestinians but also the souls of Israelis.”

Last year, CISA issued a warning against MuddyWater, saying that it is “conducting cyber espionage and other malicious cyber operations as part of Iran’s Ministry of Intelligence and Security (MOIS), targeting a range of government and private-sector organizations across sectors—including telecommunications, defense, local government, and oil and natural gas—in Asia, Africa, Europe, and North America.”