To substantiate its claim, the group released several files, photos, and documents allegedly verifying the breach under the title "Operation Octopus".

Following an inquiry by Israel Hayom, Bennett's office initially stated that he was "unaware of such an event." However, after political commentator Amit Segal reported that the phone had indeed been breached, Bennett's team rushed to issue a statement clarifying that the matter was being handled by relevant security and cyber officials and that the device in question is not currently in use.

Bennett did not stop there and issued yet another clarification, suggesting it is possible the phone was not breached at all. Amid the confusion, Israel Hayom contacted Shai Nahum, CEO of the tech firm CYGHT and a cyber warfare expert.

"According to forensic analysis of the leaked files, there is a high probability that this is not Bennett's phone, but apparently that of one of his associates," Nahum said.

He noted that the leaked photos and video clips had been processed by editing software known as Handbrake, "most likely to change the video format and edit various data points, including metadata."

Nahum added that an analysis of the leaked contact list indicates it does not belong to Bennett himself, but rather to someone likely close to him. For example, contacts are saved under names such as "Bennett's Minister," "Revital Bennett Comms," and even "Naftali Bennett."

"It appears there is an attempt here to portray Bennett as weak, as someone who does not know how to deal with cyber threats or analyze risks properly," Nahum emphasized. "It is understood that this is a group with political and regional interests operating under Iranian sponsorship."

"Sophistication level has risen"

Itay Schwartz, co-founder and CTO of the cyber company MIND, added: "Even before asking if Bennett's phone was truly hacked, one must understand what this event signals: The level of sophistication of cyberattacks in our region has risen dramatically. In recent years, we see actors like Hezbollah and Iran improving capabilities, after the Syrian Army's cyber unit also operated here for years. The enemy is simply improving.

"From the details published, it seems this is an old device that was not updated – exactly the type of weakness attackers know how to exploit. But it is important to emphasize: Even if there was a hack here, it does not mean the hackers received full access to all information. The moment an attacker enters a personal device, he can try to spread to additional assets, because everything is connected, but there is no certainty he succeeded," he added.

"The central lesson is that information security no longer stops at the device itself. A single civilian device today holds huge amounts of sensitive, personal, and sometimes classified information. To prevent such events, one needs not only to protect the phone – but to detect early when information starts moving to a place it shouldn't reach," Schwartz concluded.

The post Iranian hackers claim breach of former Israeli PM's device appeared first on www.israelhayom.com.