Iranian Hackers Expose Israeli Nuclear Scientist and Defense Officials

Hackers allegedly linked to Iranian intelligence have exposed the identity and activities of an Israeli nuclear scientist who worked at the Soreq Nuclear Research Center. The group released photographs claimed to have been taken at Soreq, along with screenshots listing the supposed names of other experts involved in the particle accelerator project. However, analysis suggests that these images are likely not directly related to the Soreq facility.

Simultaneously, the hackers announced that they had breached the personal account of a former Ministry of Defense director-general, publishing his private photos and documents. Personal materials belonging to the Israeli ambassador and a former military attaché to the U.S., as well as information concerning the families of high-ranking Israeli officials, were also revealed.

In March, the hackers claimed access to data from the Negev Nuclear Research Center in Dimona, allegedly by breaching government email servers, including accounts linked to the Israeli Atomic Energy Commission. Last week, they published around 30 images purportedly from Soreq. However, analysis indicated that the images were unrelated to either Soreq or Dimona. It is probable that the material was sourced from the scientist’s phone or email, relating to his work as a radiation safety specialist, with his passport photo among the leaked data.

The leaks also include several screenshots of computer systems supposedly connected to the SARAF particle accelerator project, in which the scientist participated. This allowed the hackers to disclose the names of other experts. While they attempted to obscure document dates, Hebrew dates remained visible, revealing that the materials date back to 2014-2015.

As of now, the hackers have released only about 30 photos rather than the full alleged data cache, making it challenging to verify if they truly accessed internal information from Dimona or Soreq.

The National Cyber Directorate declined to comment, directing inquiries to the Prime Minister’s Office. The Shin Bet security service also did not provide a response.

On behalf of the Israeli Atomic Energy Commission, the Prime Minister’s Office stated: “Following a thorough review, it was determined that the images and drawings do not belong to any of our facilities.” Regarding the screenshots, the commission confirmed that they contain “technical materials related to the particle accelerator installation project at the Soreq Nuclear Research Center.”

For months, the group has systematically disclosed personal information about current and former Israeli officials linked to defense and government agencies. The hackers claim this data was obtained by hacking email accounts. Among the targets was a former major general who previously led military cyber operations before becoming the director-general of the Ministry of Defense. The hackers released his passport photo and threatened to publish a complete archive of his documents.

The group disseminates this information through a dedicated website, sharing links via its Telegram channel. Israeli researchers have identified this group as a unit of Iran’s offensive cyber operations, whose primary aim is to exert informational and psychological pressure.

In recent months, dozens of Israelis have been arrested on charges of collaborating with Iranian intelligence to gather information on high-ranking Israeli officials, including a nuclear scientist. While the connection between these arrests and the leaks remains unclear, the successful extraction of data about an Israeli scientist, even if involved in civilian nuclear research, may be a significant psychological achievement for Iran.

Commenting on the recent leaks, a senior researcher from the National Cyber Directorate told Haaretz: “This group serves as a platform to amplify their attacks—some of which are quite successful, others less so—aimed at impacting the Israeli economy while concurrently employing psychological warfare tactics to instill fear and deterrence.”

Since October, Israel has faced a surge in cyberattacks of varying complexity. In recent months, there have been massive data leaks from the Ministry of Justice, Ministry of Defense, nuclear research centers, the National Insurance Institute, and other government institutions.

Previously, Haaretz reported that other groups had created a blockchain-based site for publishing leaks from Israeli databases. Thousands of documents are already hosted on this platform, which cannot be removed due to its decentralized nature.

Israeli cybersecurity experts warn that the growing number of data leaks concerning Israeli citizens, defense personnel, and individuals with access to classified information poses serious threats. Hackers could exploit these leaks for targeted phishing attacks to gain access to confidential systems. Experts suggest that recent breaches of the National Insurance Institute and Ministry of Defense may have been facilitated by previously stolen data, such as from the Shirbit insurance company and the Elector app, which compromised data of approximately six million citizens.

Several sources confirmed to Haaretz that Israel is actively searching for stolen data online and attempting to remove it through legal channels and appeals to companies managing social networks, messaging services, and other platforms. In some cases, these efforts yield results, but more often, the information remains accessible and virtually impossible to delete.