Hackers, apparently linked to Iran, said Friday they had broken into the servers of Israeli internet hosting company Cyberserve, bringing down a number of widely used websites.
The Black Shadow group, which Hebrew-language media reports said was Iranian, warned the Israeli company that it was in possession of data that could be leaked. The group has not confirmed that it is Tehran-backed.
“Hello Again! We have news for you,” the hackers wrote in a message circulated on social media on Friday evening. “You probably could not connect to many websites today. ‘Cyberserve’ company and their customers [were] hit by us. You may ask what about Data? As always, we have lots of it. If you don’t want your Data leaked by us, contact us soon.”
Black Shadow stole a vast trove of information from Israeli insurance company Shirbit last year and then sold it on the dark web when the firm refused to pay a ransom.
Cyberserve’s customers include the Dan and Kavim public transportation companies, the Children’s Museum in Holon, the Pegasus travel company and the blogsite of the Kan public broadcaster.
The websites of a number of Cyberserve’s customers were unavailable on Saturday morning.
Last year, the Black Shadow attacked the Shirbit insurance firm and opened ransom negotiations, but the company said it wouldn’t pay, leading to the dark web sale of information stolen from the firm.
Many of Shirbit’s clients are from the public sector and images of private documents released included the vehicle registration and credit card details of an employee at the President’s Residence, as well as personal correspondence and a marriage certificate, as well as the personal details of the president of the Tel Aviv District Court.
Unnamed Israeli officials told Channel 12 news at the time of the attack that they believed a state was behind the Black Shadow attack. However, they did not name the country.
Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts — including multiple suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear program.
This week, an unprecedented cyberattack took down Iran’s subsidized fuel distribution system.
Abolhassan Firoozabadi, a top official in Iran’s Supreme Council of Cyberspace, told state broadcaster IRIB that the attack had apparently been carried out by a foreign country, though it was too early to name suspects. He also linked the attack to another one that targeted Iran’s rail system in July.
The next day, an Iranian official tweeted in Hebrew that the “enemy’s goal” of fomenting unrest through gas shortages had been thwarted.
Numerous suspected Iranian cyberattacks on Israel were reported in recent years, including one that targeted its water infrastructure in 2020.
Microsoft said this month that Iran had increased its hacks on Israel fourfold in the past year.
“Microsoft detected an increased focus from a growing number of Iranian groups targeting Israeli entities… and with that focus came a string of ransomware attacks,” the company’s annual Digital Defense Report said.
Google has also warned of a surge in state-backed hackers, with a report focusing on the “notable campaigns” of a group linked to Iran’s Revolutionary Guard Corps.