Over the past several months, a hacking group named Cyber Toufan has hit over 100 public and private organizations in Israel, as part of an aggressive campaign fueled by the intensifying geopolitical tensions in the region.
Bearing the hallmarks of a sophisticated threat actor and claiming to be made up of Palestinian state cyber warriors, Cyber Toufan rose to prominence quickly, executing complex cyberattacks against high-profile Israeli entities.
The group's tactics suggest that Cyber Toufan is likely sponsored by a government, with evidence pointing to potential Iranian involvement, Check Point reported in early December.
Security researchers have tracked over 100 intrusions associated with Cyber Toufan's operations, characterized by the exfiltration of large amounts of data, including personal information, and its release on the web.
To date, security researcher Kevin Beaumont says, the group has leaked on its Telegram channel the data of 59 organizations.
It likely compromised 40 more in an attack targeting a managed service provider.
Some of the victims, Beaumont says, have not been able to recover from the cyberattacks and have been offline for several weeks, likely because the attackers deploy a wiper against Linux systems.
To wipe, the group runs the `shred` utility from its own shell script, which is written so that the tool keeps running even if an administrator kills the process.
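The defensive takeaway from the wiper behaviour described above is that a single `shred` execution is unremarkable, while the same parent process repeatedly relaunching `shred` after each kill is a strong signal. The following is an added detection example, not code from the article, from Check Point, or from the attackers: it parses constructed process-execution records (the `ts=... pid=... ppid=... exe=... args="..."` layout is an assumption standing in for an EDR or auditd exec feed) and flags a parent that spawns `shred` several times within a short window.

```python
"""Flag shred relaunch loops in process-execution telemetry (added example)."""
import re
from collections import defaultdict
from os.path import basename

# Constructed sample log, not real telemetry from any victim. One benign admin
# shred of a temp file (ppid 1000), then a shell (ppid 4321) that relaunches
# shred four times in 40 seconds, which is what a "restart if killed" loop
# looks like from the outside. The device path is a placeholder.
SAMPLE_LOG = """\
ts=100 pid=501 ppid=1000 exe=/usr/bin/shred args="shred -u /tmp/report.tmp"
ts=200 pid=4322 ppid=4321 exe=/usr/bin/shred args="shred -n 1 -z /dev/PLACEHOLDER"
ts=212 pid=4330 ppid=4321 exe=/usr/bin/shred args="shred -n 1 -z /dev/PLACEHOLDER"
ts=225 pid=4341 ppid=4321 exe=/usr/bin/shred args="shred -n 1 -z /dev/PLACEHOLDER"
ts=240 pid=4350 ppid=4321 exe=/usr/bin/shred args="shred -n 1 -z /dev/PLACEHOLDER"
ts=300 pid=600 ppid=1000 exe=/usr/bin/ls args="ls -la"
"""

# Assumed record layout: key=value pairs, args quoted.
LINE_RE = re.compile(
    r'ts=(?P<ts>\d+)\s+pid=(?P<pid>\d+)\s+ppid=(?P<ppid>\d+)\s+'
    r'exe=(?P<exe>\S+)\s+args="(?P<args>[^"]*)"'
)


def parse_events(lines):
    """Turn raw lines into dicts with integer ts/pid/ppid; skip lines that do not match."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        for key in ("ts", "pid", "ppid"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events


def shred_events(events):
    """Every execution of the shred binary, whatever it targets."""
    return [e for e in events if basename(e["exe"]) == "shred"]


def respawn_alerts(events, min_count=3, window=60):
    """Alert on a parent that launches shred min_count or more times within
    `window` seconds. A single admin invocation never trips this; a loop that
    restarts shred each time it is killed does."""
    launches = defaultdict(list)
    for e in shred_events(events):
        launches[e["ppid"]].append(e["ts"])
    alerts = []
    for ppid, stamps in launches.items():
        stamps.sort()
        for i in range(len(stamps)):
            # Count launches inside the window that starts at stamps[i].
            j = i
            while j < len(stamps) and stamps[j] - stamps[i] <= window:
                j += 1
            if j - i >= min_count:
                alerts.append({"ppid": ppid, "count": j - i,
                               "first_ts": stamps[i], "last_ts": stamps[j - 1]})
                break  # one alert per parent is enough
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG.splitlines())
    for a in respawn_alerts(evs):
        print(f"ALERT: ppid {a['ppid']} relaunched shred {a['count']}x "
              f"between ts={a['first_ts']} and ts={a['last_ts']}")
```

The thresholds are deliberately loose; tune `min_count` and `window` against your own baseline of legitimate `shred` use, and pair the alert with a response that stops the parent process (and any service unit or cron entry that would restart it), not just the current `shred` child.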
The group was also seen emailing the victim organizations' clients, to spread propaganda, and appears to be coordinating with other hacking groups in larger collective operations.
This Cyber News was published on www.securityweek.com. Publication date: Wed, 03 Jan 2024 15:43:04 +0000