Jerusalem, 23 March, 2026 (TPS-IL) — Israel’s National Cyber Institute (NCI) reported that, recently, cyberattacks have been identified against organizations in Israel, in which attackers gained access to organizational networks and deleted servers and workstations with the aim of disrupting operations. In many cases, the initial access was carried out using real identification details of legitimate users, which had been stolen or leaked in the past.
If a vulnerability was previously discovered in your organization’s remote access system, whether a VPN (Virtual Private Network) or RMM (Remote Monitoring and Management) system, there is a possibility that attackers exploited it and left themselves with ongoing access to the network, using a legitimate user account or one they created themselves.
Even if the systems in the organization have been updated and patched according to the manufacturer’s security updates, as long as the identification information has not been changed, the attacker may still have access to the corporate network.
In light of the conflict with Iran, the NCI recommended that organizations “take a number of immediate actions now that can significantly reduce the risk.”