The hacker group called “the Black Shadow” is responsible for leaking sensitive data from several Israeli organizations, such as the LGBTQ dating app “Atraf,” Dan bus company, and tour booking company Pegasus on 30th October 2021 (Saturday).
According to Hebrew-language media reports, the Black Shadow group was Iranian and warned the Israeli company that it had now taken control of the data and could leak it. However, the group has yet to confirm that Tehran backs it.
The hacker group leaked the data it stole from the Kavim bus app. In a message posted via Telegram, the group said:
They did not contact us … So the first data is here. If you do not contact us, (sic) it will be more.
According to an official statement released by Kavim:
As soon as the incident became known to us, the company contacted the Transport Ministry, the Cyber Security Headquarters, and also hired external professionals in the field…to complete a comprehensive, professional and independent investigation into the incident.
The hacker group also announced on Friday that it had successfully hacked into the servers of Cyberserve, an Israeli internet company, shutting them down, and threatened to leak the sensitive stolen information.
Iranian hackers take down servers of Israeli internet hosting company Cyberserve https://t.co/TWuA8oR474
— The Times of Israel (@TimesofIsrael) October 30, 2021
Cyberserve provides servers and data storage solutions to various other companies. The Iranian hackers stole data covering various businesses, such as travel bookings company Pegasus, Dan bus company, and even the Israeli Children’s Museum.
Cyberserve is also responsible for developing “Atraf,” an LGBTQ dating site that has been down since Saturday. This raises concern that the Black Shadow hackers may have obtained some sensitive information that they could leak online.
In another message via Telegram, the group said:
Hello again! We have news for you. You probably could not connect to many sites today. Cyberserve and their customers were harmed by us. You must be asking – what about the data? As always, we have a lot. If you do not want it to be leaked by us, contact us soon.
The group directed that a ransom be paid in bitcoins and threatened to disable the servers if Cyberserve did not oblige. According to a survey conducted in 2020, Israeli companies paid out over $1 billion to hackers as ransom.
Einat Meyron, a cybersecurity consultant, said:
The identity of the attacking group is a little less important. On the part of the attacked companies – for insurance and reputation reasons, it is clear that they will want to attribute the attack to Iran. There is no need to make it easier for attackers by refraining from exercising basic defenses in practice.
In December, Zohar Pinhasi, CEO of cyber security service MonsterCloud, while speaking to The Jerusalem Post, claimed that the Black Shadow wanted to harm Israel strategically and is not looking for money.
This claim is repeated in every sector that is attacked and in every country. The hack is almost always first and foremost a ransom attack and on a financial basis. The Pandora’s box has opened and now the company is trying to downplay the severity of the hack and frame it as a matter of national security to prevent damage to their reputation and come out as alright with the regulator and customers.
The feud between Iran and Israel has had its impact on the cybersecurity space. The recent Black Shadow attack happened just three days after Iranian gas stations were hit by a cyberattack that left the gas pumps crippled.
In addition, Israelis reportedly hacked Iran’s Shahid Rajaee Port as a counterstrike for an attempted Iranian cyber strike on Israel’s water supply system.
It remains to be seen whether Cyberserve decides to pay the hacker group’s desired ransom or how the hacker group plans to leak the data publicly.