Hackers, apparently linked to Iran, said Friday they had broken into the servers of Israeli internet hosting company Cyberserve, bringing down a number of widely used websites.
The Black Shadow group, which Hebrew-language media reports said was Iranian, warned the Israeli company that it was in possession of data that could be leaked. The group has not confirmed that it is Tehran-backed.
“Hello Again! We have news for you,” the hackers wrote in a message circulated on social media on Friday evening. “You probably could not connect to many websites today. ‘Cyberserve’ company and their customers [were] hit by us. You may ask what about Data? As always, we have lots of it. If you don’t want your Data leaked by us, contact us soon.”
Black Shadow stole a vast trove of information from Israeli insurance company Shirbit last year and then sold it on the dark web when the firm refused to pay a ransom.
Cyberserve’s customers include the Dan and Kavim public transportation companies, the Children’s Museum in Holon, the Pegasus travel company and the blogsite of the Kan public broadcaster.
Get The Times of Israel’s Daily Edition by email and never miss our top stories
The websites of a number of Cyberserve’s customers were unavailable on Saturday morning.
Last year, the Black Shadow attacked the Shirbit insurance firm and opened ransom negotiations, but the company said it wouldn’t pay, leading to the dark web sale of information stolen from the firm.
Many of Shirbit’s clients are from the public sector and images of private documents released included the vehicle registration and credit card details of an employee at the President’s Residence, as well as personal correspondence and a marriage certificate, as well as the personal details of the president of the Tel Aviv District Court.
Unnamed Israeli officials told Channel 12 news at the time of the attack that they believed a state was behind the Black Shadow attack. However, they did not name the country.
Israel and Iran have been engaged in a years-long shadow war, with Israel allegedly directing most of its efforts — including multiple suspected cyberattacks — at sabotaging the Islamic Republic’s nuclear program.
A gas station is seen standing empty because the pumps are out of service, in Tehran, Iran, Tuesday, Oct. 26, 2021. (AP Photo/Vahid Salemi)
Abolhassan Firoozabadi, a top official in Iran’s Supreme Council of Cyberspace, told state broadcaster IRIB that the attack had apparently been carried out by a foreign country, though it was too early to name suspects. He also linked the attack to another one that targeted Iran’s rail system in July.
The next day, an Iranian official tweeted in Hebrew that the “enemy’s goal” of fomenting unrest through gas shortages had been thwarted.
Numerous suspected Iranian cyberattacks on Israel were reported in recent years, including one that targeted its water infrastructure in 2020.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.