Daryna Antoniuk reports:
Pro-Palestinian hackers say they breached dozens of Israeli entities amid the ongoing war in Gaza, which has also extended into cyberspace.
A group calling itself Cyber Toufan said it launched an operation against Israel at the end of November, promising to publish leaked information from hacked websites every day throughout the month.
Earlier this week, the group said on its Telegram channel that it had “fulfilled its promise” and released stolen data from 60 sites. Cybersecurity researchers said that in many cases, the data appears to be real.
The list included not only Israeli companies but also foreign firms doing business with the country such as SpaceX, Toyota and IKEA.
Read more at The Record.
Updated December 30. There is more to this story than DataBreaches knew at the time. It seems that a lot of the entities whose data was leaked were not individually attacked by Cyber Toufan. DataBreaches now understands that a cybersecurity firm, Radware, was attacked, and many of the companies whose data was subsequently leaked were all clients of one of Radware’s customers, Signature-IT.
In November, James Spiro reported for Calcalistech:
Over the last week, it [Cyber Toufan] has been dripping sensitive information belonging to Israelis who are connected to Signature-IT’s customers, including Max Security (a cybersecurity and geo-intelligence company), the Israel Innovation Authority, the Israeli government’s National Archives, Shefa Online (an Israel-based service used by Ikea), and Radware itself.
On December 25, Cyber Toufan actually addressed the issue in their Telegram channel, writing:
Some claim that we used a supply chain attack on the Israeli hosting company Signature-IT to compromise our targets. While we’ve never denied being the ones behind #OperationL3ech (the Signature-IT hack), those that are in the know, know that not every target we chose to include in #IsraelLeaks has a relation with Signature-IT.
That appears to be true. When contacted today with a list of victims leaked by Cyber Toufan, someone with knowledge of the firm’s incident response told the owner of the @CyberSecurityIL telegram channel, “Not all of the victims are 100% related to Signature-it but most of them (are).”
A list with many — but all — names of the victim entities can be found on @CyberSecurityIL. The list has not been updated since an Israeli court issued a gag order prohibiting publishing anything about the incident.
The channel’s owner also tells DataBreaches that there is another Israeli hosting company, Catom, also appears to have been the victim of a cyberattack. They tell DataBreaches that they have heard from some of Catom‘s clients that all their sites are down. So far, no group has publicly claimed credit for it, and Catom.com is down.