{
	"id": "3684b84a-9d77-424c-a773-5b020f4cb5fd",
	"created_at": "2026-04-06T00:07:34.066459Z",
	"updated_at": "2026-04-10T13:12:13.24068Z",
	"deleted_at": null,
	"sha1_hash": "b042fa8e5645ec882cd7a02c49c15ba58ec2b123",
	"title": "Altahrea Team hackers claim responsibility for power plant fire in Israel",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 169141,
	"plain_text": "Altahrea Team hackers claim responsibility for power plant fire in\r\nIsrael\r\nBy Claudia Glover\r\nPublished: 2022-07-14 · Archived: 2026-04-05 12:36:52 UTC\r\nExpert doubts Altahrea Team’s claims about Israel power plant fire\r\nHackers say they took control of a power plant before it caught fire, but cybersecurity analysts are sceptical.\r\nIran and Israel flag together realtions textile cloth fabric texture\r\nThe Altahrea Team hacking group has taken responsibility for a power plant fire in Israel today, saying it assumed\r\ncontrol of the plant’s remote management system ahead of the blaze. A security expert who spoke to Tech Monitor\r\nis highly dubious about the claims, and believes such an attack would be beyond the group’s capabilities.\r\nThe Orot Yosef power plant in Southern Israel caught fire earlier today. No one was injured in the blaze, and the\r\nofficial cause has yet to be determined. Reporter Arnold Nataev, from Israeli radio station Radio Darom 97,\r\ntweeted from the scene that the source of the fire appears to have been an air filter.\r\n“The fire and rescue service updates that it is the burning of an air filter in an IEC facility that endangers the\r\nnearby facilities,” he wrote earlier today.\r\nבכבאות והצלה מעדכנים כי מדובר בשריפת פילטר אוויר במתקן חברת חשמל שמסכן את\r\nהמתקנים הסמוכים. למקום הוזנקו כוחות רבים ורכבי אספקת מים, בשלב זה אין מידע על נפגעים.\r\n2022 14, July) ArnoldNataev (@ארנולד נטייב —\r\nhttps://techmonitor.ai/technology/cybersecurity/alahrea-team-power-plant-fire-israel\r\nPage 1 of 3\n\nHowever, Altahrea has claimed responsibility for the fire on its Telegram channel. The group says it hacked into\r\nthe remote energy measuring system of the power plant prior to the blaze and shared the system’s IP address\r\nonline for anyone to access. It is unclear from the messages whether the group is claiming to have started the fire\r\nitself.\r\n🌐 The Israeli power plant \"Orot Yosef\" was exploded🚨\r\nEarlier today, ALtahrea the Iranian 🇮🇷 hacking team claimed to hacked into the remote\r\nenergy management of the power plant and shared the IP address of the EMpro system on\r\ntheir TG channel 🧐#ALtahrea pic.twitter.com/iFK53oGlqz\r\n— DarkFeed (@ido_cohen2) July 14, 2022\r\nOn the channel, Altahrea Team shared images of the power plant fire, and posted provocative statements like: “Do\r\nyou smell gas or Benzen? Check the store,” before leaving the number of the local fire department.\r\nYossi Reuven, security research team lead at Israeli security company SCADAfence, is sceptical about Altarhea’s\r\nclaims. “It is unlikely that this one is related to them [Altahrea] due to the high impact, sophistication and\r\ncapabilities needed to execute this type of attack,” he says.\r\nThe Orot Yosef plant is operated by Edeltech. It has been up and running since 1989 and has an output of\r\n1,189mw of electricity. Tech Monitor has contacted Edeltech for comment on the fire.\r\nWho are the Altahrea Team?\r\nAltahrea Team is thought to be made up of Iranian hackers, or Iraqi hackers supportive of Iran.\r\nIt is “known for multiple DDoS attacks on Israeli targets like the Jpost, Israeli 9 channel and the Israeli port\r\nauthority,” according to security company Check Point, which added that “these loud attacks appear to be\r\npolitically motivated.”\r\nDDoS attacks are relatively simple to execute, meaning a complex operation such as taking control of a power\r\nplant remotely would be a significant departure for the gang.\r\nAltahrea Team has not limited its operations to Israel. In May, Tech Monitor reported that it knocked out systems\r\nat the Port of London Authority offline with a DDoS attack, while in April it struck Turkish media outlet Anadolu\r\nAgency as well as Turkish President Recep Urdogan’s website. \r\nCyber tensions have been running high between Israel and Iran, and last month hackers linked to Israel claimed to\r\nhave taken control of systems at three state-owned steel companies in Iran.\r\nRead more: Will closer ties with Israel impact cybersecurity in the UK?\r\nHomepage image courtesy Oleksii Liskonih/iStock\r\nMore Relevant\r\nhttps://techmonitor.ai/technology/cybersecurity/alahrea-team-power-plant-fire-israel\r\nPage 2 of 3\n\nclose\r\nSign up to the newsletter: In Brief\r\nYour corporate email address *\r\nVist our Privacy Policy for more information about our services, how we may use, process and share your\r\npersonal data, including information of your rights in respect of your personal data and how you can unsubscribe\r\nfrom future marketing communications. Our services are intended for corporate subscribers and you warrant that\r\nthe email address submitted is your corporate email address.\r\nSource: https://techmonitor.ai/technology/cybersecurity/alahrea-team-power-plant-fire-israel\r\nhttps://techmonitor.ai/technology/cybersecurity/alahrea-team-power-plant-fire-israel\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://techmonitor.ai/technology/cybersecurity/alahrea-team-power-plant-fire-israel"
	],
	"report_names": [
		"alahrea-team-power-plant-fire-israel"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a3687241-9876-477b-aa13-a7c368ffda58",
			"created_at": "2022-10-25T16:07:24.496902Z",
			"updated_at": "2026-04-10T02:00:05.010744Z",
			"deleted_at": null,
			"main_name": "Hacking Team",
			"aliases": [],
			"source_name": "ETDA:Hacking Team",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e90c06e4-e3e0-4f46-a3b5-17b84b31da62",
			"created_at": "2023-01-06T13:46:39.018236Z",
			"updated_at": "2026-04-10T02:00:03.183123Z",
			"deleted_at": null,
			"main_name": "Hacking Team",
			"aliases": [],
			"source_name": "MISPGALAXY:Hacking Team",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f07ed87c-33ca-44a8-a362-7d5ea193aa7b",
			"created_at": "2023-11-08T02:00:07.123499Z",
			"updated_at": "2026-04-10T02:00:03.419917Z",
			"deleted_at": null,
			"main_name": "Altahrea Team",
			"aliases": [],
			"source_name": "MISPGALAXY:Altahrea Team",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434054,
	"ts_updated_at": 1775826733,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b042fa8e5645ec882cd7a02c49c15ba58ec2b123.pdf",
		"text": "https://archive.orkl.eu/b042fa8e5645ec882cd7a02c49c15ba58ec2b123.txt",
		"img": "https://archive.orkl.eu/b042fa8e5645ec882cd7a02c49c15ba58ec2b123.jpg"
	}
}