(October 31, 2021 / Israel Hayom) A hacker group affiliated with Iran announced on Friday that it had breached the servers of an Israeli web-hosting company and threatened to leak data pertaining to thousands of users.
The group, calling itself “BlackShadow,” shuttered servers belonging to Cyberserve, which provides servers and data storage for companies such as Israel’s Kan news public broadcaster; the Israel Lottery; Birthright; the Dan and Kavim public transportation companies; the Children’s Museum in Holon; the LGBTQ dating app “Atraf”; the tour-booking company Pegasus; the Israeli Children’s Museum; and dozens more.
BlackShadow first surfaced last year, with a massive breach of Israeli insurance company Shirbit and later of KLS Capital. Information on both companies’ clients was leaked in the days following the breach.
“Hello again! We have news for you,” the group said in a Telegram message. “You probably could not connect to many sites today. Cyberserve and their customers were harmed by us. … You must be asking—what about the data? As always, we have a lot. If you do not want it to be leaked by us, contact us soon.”
While last year’s cyber attack included a clear demand for ransom that was increased as time went by, it is unclear whether the hackers plan to follow the same modus operandi this time.
The fact that the hackers targeted an LGBTQ dating app raised particular concern among its users, as the hackers have already begun leaking their names.
The Aguda Association for LGBTQ Equality in Israel on Saturday called on the National Cyber Directorate to “urgently act to prevent data leaks,” adding that the release of such personal information is “a danger to [the users’] mental health,” according to Israeli media reports.
On Saturday, BlackShadow hackers leaked information from Kavim. The bus company issued a statement saying the company was aware of the breach and has alerted the Transport Ministry and the National Cyber Directorate, and has “also hired external professionals in the field to complete a comprehensive, professional and independent investigation into the incident.”
The National Cyber Directorate said on Saturday that it had “warned Cyberserve multiple times” over the past year that it was vulnerable to such attacks.
It further advised Israelis whose personal data was compromised to change their passwords, enable two-factor authentication, and remain vigilant for suspicious emails and messages.
This article first appeared in Israel Hayom.
https://www.jns.org/iranian-hackers-breach-israeli-web-hosting-company-threaten-to-release-sensitive-data/