'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month

Since mid-November, one Iran-linked hacktivist group has managed to breach more than 100 organizations in and around Israel, wiping servers, leaking sensitive data, and spreading follow-on attacks down the supply chain.
Since October 7, anti-Israel hacktivists have proven largely ineffectual - quick to make grandiose claims on social media, less likely to provide evidence to back those claims up.
On November 16, the group compromised Signature-IT, an Israeli company that specializes in hosting international websites for businesses.
Through it, the hacktivists managed to reach dozens of significant companies and government organizations in Israel, as well as international companies doing business with Israel.
Though the leaks have slowed in recent days, the group continues to twist the knife by performing follow-on email attacks against victims' employees and customers.

Israel's Most Prolific Hacktivist Enemy

Cyber Toufan first announced itself to the world by creating a Telegram channel a month into the Gaza war, and releasing a statement.
The operation compromised more than 150 targets, it continued, spread across government, manufacturing, e-commerce, cybersecurity, and other sectors.
Empty claims like these have been made ad nauseam since October 7, but this time it was actually true.
Shortly after founding its Telegram channel, Cyber Toufan published data belonging to ACE Israel, a branch of ACE Hardware.
The next day it was Shefa Online, an Israeli e-commerce company.
Then the group started publishing two leaks per day.
On day three it was Radware and Max Security, two Israeli cybersecurity companies.
On day four, the Israel Innovation Authority and Ikea Israel.
Israeli branches of multinational companies like Toyota and Toys 'R' Us were attacked, as well as companies that simply did business with Israeli firms, like Berkshire eSupply, a subsidiary of Berkshire Hathaway, and SpaceX.

The Extent of the Damage

Many of these victims appear to derive from an initial breach and wiping of servers belonging to Signature-IT. This supply chain link bears significantly on the nature of the leaked data.
The leaks were only part of the story: even after its leak schedule ceased on December 27, Cyber Toufan continues to cause damage to its victims, as well as to those connected to them.
On one front, the group is using its victims' corporate email domains to blast hacktivist messages to as many people as possible.
As a result of having their servers wiped, websites belonging to many Cyber Toufan victims - more than a dozen as of last week, according to a blog post by cyber researcher Kevin Beaumont.
More than a month after its breach was first announced, at the time of this writing, the website for Berkshire eSupply is down.
The company has since filed a data breach notification with the Maine Attorney General, estimating that 16,736 people were affected.
He argues that the scale and sophistication seen here - alongside overlaps in methodology and the wiper malware utilized against victims, as well as the nature of the targets and data leaked - suggest links between Cyber Toufan and Iran.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 04 Jan 2024 14:35:25 +0000

