Despite its reputation for founding one of the world’s top intelligence units, Unit 8200—an Israeli Intelligence Corps unit of the Israeli Defense Forces that specializes in signal intelligence and cybersecurity, Israel still faces significant vulnerabilities to cyberattacks. So little of the breaches make it to the news as a result of Israel’s extensive use of gag orders to silence the media far beyond their necessity. In some cases, targets knew of their information being leaked via international media rather than domestic platforms.
On January 26, 2025, the Handala hacker group, reportedly linked to Iran, exploited the interfaces of Maager-Tec, an Israeli electronics firm, and managed to disseminate tens of thousands of text messages to Israelis as well as breach an emergency button systems across approximately 20 kindergartens and other institutions in Israel. This cyberattack allowed them to broadcast rocket sirens, Arabic messages, and songs through the emergency systems.
The cyber rivalry between Iran and Israel is one of the oldest and most longstanding ones. It began as early as 2006, when the United States and Israel developed and deployed Stuxnet, a cyberweapon targeting Iran’s nuclear facility, Natanz. This attack marked the beginning of Iran’s sophisticated cyber program, now considered one of the top threats globally. Gag orders issued by Israel to prevent the media from reporting on these attacks have succeeded in concealing most of Iran’s successful breaches. However, concerns regarding the intensity of their usage posit that these orders seem to no longer serve the protection of the target. Gag orders in Israel are leveraged tools to further control the dissemination of news by preserving Israel’s marketed shell image of being an invincible entity.
Iranian Spyware
For more than 20 years now, Iranian malware, spyware, and cyber campaigns have breached Israel starting with Mahdi Torgan (2012). Mahdi Torgan is a piece of malware used in cyberespionage that has targeted around 800 computers, two thirds which were in Israel. According to a Times of Israel article, “… the Mahdi Trojan was built with Israelis in mind is obvious to anyone who comes across it. Several variants of the Trojan have been discovered in email attachments, such as Powerpoint presentations. The slides in the presentation display calm-looking images of mountains, streams, and lakes, and contain instructions to click on the images — in English and in Hebrew. One of the slides, for example, says in English “Would you like to see the Moses,” with a (properly-written) Hebrew translation below. A second slide instructs users to “look at the four central points of the next picture For 30 seconds… please click this file,” with another (this time, less successful) Hebrew translation…”
Screenshot of Mahdi in action (Photo credit: Kaspersky Labs)
Since the outbreak of Israel’s war on Gaza on October 7, 2023, there has been a significant increase in cyberattacks against Israel. There were reports that Handala hackers groups obtained classified documents from the Israeli Ministry of Economy and Industry, the Bank of Israel, the Tel Aviv Stock Exchange, various municipalities, government hospitals, and several other institutions with direct links to government ministries. For example, in April 2024, mass cyber attacks targeted the Ministry of Justice and in September the Ministry of Defense. This led to the leaking of sensitive information about thousands of Israelis, as well as government databases, causing widespread concern about national security and personal privacy. This underscores a persistent fragility within Israel’s national cyber defenses.
On February 9, Handala, the same group that had conducted a cyberattack in January, also claimed to have stolen over 2.1 terabytes of sensitive data from Israel’s police force, leaking 350,000 documents publicly. Despite the fact that the alleged leaks were posted by the group across their channels, Israeli police have denied the attack.
A few days prior to the attacks, Handala had also teased their targets across X and telegram channels hinting at the preceding breaches. In some cases, they release a portion of the stolen data as proof of their claims. Telegram has shut down more than 14 channels by Handala so far, with the latter creating their 15th channel earlier this year.
Gag Orders
The Israeli government has implemented several gag orders to prevent national media from reporting details about these cyberattacks, ostensibly to protect national security and manage the dissemination of sensitive information. However, this practice has been criticized by legal professionals and cybersecurity experts, who have expressed concerns about the implications of gag orders, arguing that they hinder democratic processes and the ability to respond effectively to cyber threats. Preventing the media from discussing these breaches obscures the extent of cybersecurity failings and limits public awareness and subsequent government accountability.
The increasing amount of gag orders has been carefully monitored by independent Israeli media platforms who diverge from state narratives. A 2016 article by +972 Magazine titled “Gag orders in Israel have tripled over the last 15 years” explored how disseminating information has been conveniently controlled by the military through gag orders. According to the article, a forthcoming report on classified intelligence in the digital age—authored by Dr. Tehila Schwarz-Altschuler of the Israel Democracy Institute in collaboration with Dr. Guy Lurie—was set to be published at the time. The article further quotes Dr. Tehila stating:
“Gag orders have become a more attractive option as the jurisdiction of the military censorship was eroded by the High Court of Justice. She continued: “On the surface, it’s better that the courts decide on these matters and not the censor, but the system finds ways to bypass that. For example, sometimes an investigation is launched for no reason other than telling the court that there’s an open investigation that can be protected only by a gag order.”
Seeking ways to better regulate these orders, Dr. Schwarz-Altschuler and Dr. Guy Lurie suggested a separate information court to oversee hearings. They additionally recommended limiting gag orders to 24 hours, with extensions permitted only if a representative of the Press Council is present.
Gag orders are not solely used for media control inside Israel; they also extend to social media platforms, restricting the information Israelis can access through takedown requests or content blocking. A 2016 article titled “How Israel is trying to enforce gag orders beyond its borders” and published in +972 Magazine discusses a case when Twitter blocked Israelis from viewing certain tweets published overseas at Israel’s request. The piece’s author, Michael Schaeffer Omer-Man, further exposes the oppression, explaining: “Because I am writing this from Israel, I am legally forbidden from telling you what Silverstein’s original tweet said. I can’t even tell you the specific legal reason why I can’t tell you what I can’t tell you. What I can say is that as the use of military censorship in Israel has become less common and less sweeping over the years, authorities are increasingly using court gag orders to control the flow of information in the country. Oftentimes those gag orders cover the very existence of the gag order itself.”
The media space seems to have tightened even further with the saturation of silenced cyber attacks. On January 30, 2025 just four days after hackers infiltrated the alarm systems of 20 kindergartens, a Shomrim report titled “Government Offices Hacked, Private Data Leaked—But Israeli Citizens Are Kept in the Dark” reflects on how a legal tool designed to protect citizens is being used to safeguard the reputation of Israel’s Ministries.
This practice ties into broader narrative control and Hasbara propaganda strategy, which not only crafts a triumphant or victimized image of Israel but also serves to obscure access to facts and dissenting opinions that do not align with its agenda.
