Iranian hackers breach Israeli company, release data – report

The Iranian hacker group Black Shadow released what they say is data from Israeli bus line Kavim on Telegram on Saturday.

“They did not contact us …So first data is here ! “Kavim Bus” ‘https://www.kavim-t.co.il/,'” the group said on Telegram, sending with it a picture of what appears to be a database containing Israelis’ personal information.

“If you do not contact us , it will be more,” added the group.

On Friday, the group announced that they had hacked into the servers of the Israeli Internet company Cyberserve, promptly turning them off and threatening to leak data.

Cyberserve is a web hosting company, meaning it provides servers and data storage for other companies across industries. The data seized by the Iranian hackers covers a wide variety of businesses: from travel bookings company Pegasus to the Dan bus company and even the Israeli Children’s Museum.

Among other things, Cyberserve is responsible for the development of “Atraf,” an LGBTQ dating site, that has been down since early Saturday; raising concerns that hackers may have access to sensitive information that could lead to the sexual orientation of site users being made public.

“Hello again! We have news for you,” the group said in a Telegram message. “You probably could not connect to many sites today. Cyberserve and their customers were harmed by us,” adding another ominous threat: “You must be asking – what about the data? As always, we have a lot. If you do not want it to be leaked by us, contact us soon.”

The Black Shadow hackers have yet to leak the troves of data they claim to have, though the websites breached have been offline since the attack was announced, as the hackers turned off the Cyberserve servers, thus disabling their clients’ websites.

Responsible for previous attacks on Israeli vehicle insurance company Shirbit and finance company KLS, the Iran-based group demanded bitcoins as ransom and shut down the servers when Cyberserve failed to deliver payment. Its December 2020 attack of Shirbit was the largest cyberattack against an Israeli company at the time; Black Shadow had requested 50 Bitcoins (nearly $1 million at the time) as ransom.

A 2020 survey showed that Israeli companies paid out over $1 billion to hackers as ransom in 2020, with the 2021 figure expected to increase.

Israeli cyber-security experts warned, however, that their motives are not strictly financial, but that Black Shadow is made up of Iranian-backed state agents whose goals are to harm and humiliate Israeli companies. Last year’s attack on Shirbit led to the publication of Israeli customers’ private files, including marriage certificates, financial documents, identity card scans and medical documents. They also threatened to sell the data to Iran if payment was not met.

Among their constant conflicts and clashes, Israel and Iran have traded blows in the cybersecurity space. Black Shadow’s attack comes just three days after Iranian gas stations were hit by a cyberattack that crippled gas pumps. Israel reportedly hacked Iran’s Shahid Rajaee Port in May 2020 as a counter strike for an attempted Iranian cyber strike on Israel’s water supply system the previous month.

Most notably among the incidents of cyber-warfare, Israel’s Mossad intelligence agency was accused of being behind last April’s cyberattack that nearly wiped out Iran’s main uranium enrichment facility. Western sources quoted in Israeli media said the attack, which was initially referred to as an “accident” by Iran, was carried out by the Mossad.

It remains unclear whether or not Cyberserve plans to pay Black Shadow’s desired ransom or how the hacker group plans to publicly leak the data.