Iranian Hackers: Israeli Tourism Sites Targeted

Malware targeted websites belonging to the Israeli public transportation companies Dan and Kavim, a children's museum, and a public radio blog. Reportedly, none of the sites were reachable to users by Saturday noon.

On Tuesday, the Sharp Boys hacking group claimed to have stolen data from Israeli travel websites, including ID numbers, addresses, credit card details, etc.

Websites were compromised 

According to the hackers, the affected websites are hotels.co.il, isrotel.com, minihotel.co.il, tivago.co.il, and danhotels.com. According to the company, hotels.co.il was inaccessible on Tuesday morning; however, by Tuesday afternoon the site had loaded.

On Friday night, the hackers posted a message on Telegram: "Hello once more! If you don't want your data disclosed by us, contact us as soon as possible." In a follow-up message, the group said: "They did not get in touch with us, the first list of data is here," and posted the data online.

Later on Saturday, the gang uploaded what it claimed to be information about customers of the Dan transportation company and a travel agency in a new message that claimed to have more data. "You are under our control no matter where you go, even on your travels. Please keep our name in mind." In an image shared on a Telegram account, Sharp Boys made the statement. 

Everything to know about Sharp Boys cyber gang

According to Israeli media, Sharp Boys is a hacking group with links to Iran that conducts cyber espionage for illicit purposes. 

The Sharp Boys hacker group first appeared in December, when it claimed to have affected two Israeli hiking websites. The group also claimed to have taken control of the websites' backend administration and released a spreadsheet that contained the personal data of 120,000 people.

In December last year, the group hacked into the Shirbit insurance company in Israel and stole vast volumes of data. When the company declined to pay the $1 million ransom demand, the group exposed the data. A spreadsheet that contained personal data and credit card details for 100,000 people was released.

According to a report released on Tuesday by the Israeli cybersecurity firm Check Point, the average weekly number of attacks on businesses in the travel and leisure industry increased globally by 60% in June 2022 compared to the first half of June 2021.

BlackShadow Hacker Organization Hijacked Cyberserve Firm

 

The Israeli hosting provider Cyberserve has been hacked by BlackShadow, an Iranian state-sponsored hacking organization, in order to acquire client records and impair the company's services.

Cyberserve is a web development and hosting company headquartered in Israel that is used by a variety of organizations, including local radio stations, museums, and educational establishments.

Beginning on Friday 29th of October, users seeking to access websites hosted by Cyberserve were faced with errors and notifications indicating that the site was unreachable due to some kind of cybersecurity problem.

A hacker organization known as BlackShadow claimed credit for the Cyberserve assault and is extorting the hosting firm as well as its users for $1 million in bitcoin in exchange for not leaking stolen data. 

The extortion demand had a 48-hour deadline beginning on Saturday 30th of October, but the hackers almost instantly disclosed a sample of 1,000 documents to establish their point. 

A database holding the personally identifiable information of users of a big LGBT site called 'Atraf' was stolen as part of the data breach, making the security event highly serious. Exposing LGBT individuals in traditional communities puts them in danger, both physically and mentally.

"Atraf's team did not contact us for any deals yet so we collected 50 famous Israeli that were surfing and we leak their video's," threatened the hacking group on Telegram. A number of websites hosted by CyberServe, including Atraf, are offline, suggesting that the firm is still addressing the attack. 

This assault has also impacted the following websites: 

  • The Kavim (Dan Bus) public transportation firm. 
  • The Kan public broadcaster. 
  • The Pegasus travel agency. 
  • The Holon Children's Museum. 

BlackShadow is an Iranian state-sponsored hacker outfit with verified ties to the Pay2Key ransomware strain, which has been used against Israeli targets on many occasions. In contrast to traditional ransomware attackers, the threat actors driving BlackShadow are not thought to be monetarily motivated.

According to Omri Segev Moyal, co-founder and CEO of Israeli cybersecurity firm Profero, these hacker organizations' activities are retaliatory and intended to undermine Israeli interests. 

"The recent attacks from the so-called 'BlackShadow' are just another cycle of the clandestine Iran-Israeli war. It’s a well-constructed InfoOp combined with very weak hacking skills to hurt Israel. We assume the current cycle is also in retaliation for the attack against the gas pumps in Iran last week." - Omri Segev Moyal.

Black Shadow Leaked Hundreds of Thousands Data--Israel Internet Association

 

A group of Iranian hackers called Black Shadow has leaked the personal information and appointment details of hundreds of thousands of Israeli medical patients, as well as of members of an LGBTQ site, in a ransomware attack on Tuesday night.

According to local reports, the information that has been released publicly includes names, addresses, personal information, appointments and medical test results of more than 290,000 patients of a specific medical center, along with vaccine status and information on blood tests, treatments, CT scans, colonoscopies, and ultrasounds. The group has also released the full database from LGBTQ dating service Atraf, including users' names, locations, and in some cases their HIV status.

Also, reports reveal that the Black Shadow group has stolen the data after targeting Israeli hoster CyberServe, which has denied paying a $1m ransom. 

Describing this as “one of the most serious attacks on privacy that Israel has ever seen,” the Head of the Israel Internet Association, Yoram Hacohen, told the Times of Israel that “Israeli citizens are experiencing cyber terrorism. This is terrorism in every sense and the focus now must be on minimizing the damage and suppressing the distribution of the information as much as possible.”

The Times of Israel reported that several other customers of CyberServe have been victimized in the same way, including transportation companies, museums, and tourism organizations. The information was reportedly uploaded to a Telegram channel.

The Head of the Israel Internet Association, Yoram Hacohen, has blamed Telegram for the surge in cybercrime activity in the nation. He said that “Telegram has failed to establish boundaries and is partially responsible for this as the social media platform does not limit the spread of private information.”

The patients' data was released a few hours after the same cybercriminal group leaked the whole user database of an LGBTQ dating website in the country. The reports suggest that the data has been leaked as a threat to the dating app website as the owners of the app had refused to pay a ransom.

Hackers from the 'Black Shadow' Group Leaked Data from an Israeli LGBT App

 

On Saturday night, the hacker organisation "Black Shadow" released data from a number of Israeli companies, including the LGBTQ dating app "Atraf," the Dan bus company, and the Pegasus tour booking company. Following similar threats, they exposed data from the Kavim bus app earlier in the day. “They did not contact us ... So first data is here,” the group wrote on Telegram, attaching a snapshot of what appeared to be a database of personal information about Israeli individuals. "It will be more if you do not contact us," the organisation added. 

 On Saturday afternoon, Kavim issued a statement stating that they were aware of the security incident. “As soon as the incident became known to us, the company contacted the Transport Ministry, the Cyber Security Headquarters, and also hired external professionals in the field to complete a comprehensive, professional and independent investigation into the incident.” 

 According to the group, the Atraf website's database had information on one million people. Atraf is a geo-located dating service and nightlife index whose app and website are popular among Israel's LGBT community.

“If we have $1 million in our [digital] wallet in the next 48 hours, we will not leak this information and also we will not sell it to anybody,” the hacker group stated. “This is the best thing we can do,” it said, emphasising that it had access to users' chat content as well as event ticket and purchasing information.

Some Atraf users' names and locations, as well as the HIV status that some users had posted on their profiles, have already been made public. The Israel AIDS task force told the Walla news site in a statement that they were deeply concerned by the news. The idea that a person's HIV positive status could be revealed without their consent disturbs the task force. 

 The Black Shadow hackers have yet to release the data troves they claim to have, despite the fact that the websites that were breached have been down since the attack was announced, as the hackers turned off the Cyberserve servers, thus shutting down their clients' websites. 

 The organisation sought bitcoins as ransom and shut down the servers when Cyberserve failed to make payment. It was previously responsible for assaults on Israeli vehicle insurance firm Shirbit and finance company KLS. In December 2020, Shirbit was the target of the greatest hack against an Israeli company at the time, with Black Shadow demanding 50 Bitcoins (almost $1 million at the time) as ransom.

'Black Shadow' Infiltrates Israeli Finance Firm, Demands $570,000 in Ransom

 

The private information of thousands of Israelis was compromised on Saturday following a cyberattack on the database of a major Israeli financial service firm. The hacking group called ‘Black Shadow’ announced on Saturday that it had managed to access the servers of an Israeli financial service firm, KLS Capital.

“We are here to inform you a (sic) cyber-attack against K.L.S CAPITAL LTD which is in Israel. Their servers are down and we have all their clients’ information. We want to leak some part of their data gradually. Part of our negotiation will be published later,” the group wrote on the Telegram app.

The hackers demanded 10 bitcoins ($60,000) in ransom from the Israeli investment firm, but it refused to negotiate. As a result, the hacker group leaked the obtained data on their Telegram channel. Black Shadow is the same hacking group that carried out a major cyberattack against Shirbit insurance company in December. 

A few hours before making the declaration, the hacking group deliberately published blurred images of the identification cards of two people who work with the firm. A few minutes after the announcement, they published a few more documents and have since published dozens of additional documents including identity cards, letters, invoices, images, scanned checks, database information, and much more, including the private information of the CEO of the firm.

In December last year, a prominent cybersecurity firm reached out to KLS Capital and alerted them to a potential breach, flagging a vulnerability associated with their use of a so-called VPN. They said there was a simple ‘patch’ that could provide a solution; however, it appears that no action was taken at the time.

In response, KLS Capital stated: “The Israeli cyber authority reached out to us three days ago to warn us against a looming cyber attack against us. This attack is very similar to other attacks Iran and its proxies have conducted against Israeli targets – including private and public bodies. Our management acted immediately to take down our servers and join forces with the national cyber directorate – which together with our experts are examining the event.”

In recent months, threat actors targeted several Israeli organizations, including the Shirbit insurance company, the Amital software company, Ben-Gurion University of the Negev, and Israel Aerospace Industries.