Posted on November 3, 2021 at 5:02 PM
The Iran-based Black Shadow hacking syndicate has released what it says is a full database of personal information, containing the medical records of about 290,000 patients of Israel’s Machon Mor diagnostic medical institute.
The released data includes blood test results of patients, vaccinations from flights abroad, and ultrasounds. It also contains CT scans, colonoscopies, and appointments for gynaecologists, as well as treatments.
Earlier, the group demanded a ransom of $1 million in cryptocurrency. However, after waiting to no avail for the ransom to be paid, it decided to upload the hacked database to a channel on the Telegram messaging app.
Head of Israel’s Internet Association, Yoram Hacohen, commented on the attack, saying that “Israeli citizens are experiencing cyber terrorism.”
He added that the attack is considered one of the most serious on privacy that the country has ever witnessed.
Hacohen called the attack an act of terrorism and noted that they are focused on reducing the negative impact of the data breach. He stated that they will try to suppress the distribution of the stolen data as much as possible.
Telegram Blamed For Aiding The Threat Actors
Hacohen has called for the cooperation of tech firms to limit the exposure of the stolen data on their platforms. He further blamed Telegram for helping the hackers post the information online.
The latest attack comes after a massive cyberattack affected Iran’s gas distribution system, causing a shortage in its gas supply. Officials in Tehran said the United States and Israel are responsible for the attack.
Israel and Iran have been engaged in a so-called “shadow war”, which has resulted in several attacks on Iranian and Israeli ships. Both governments are pointing accusing fingers at each other for the attacks suffered in their respective countries.
Before leaking the stolen data, the hacking group warned that it has more plans if the ransom is not paid. “48 hours ended! Nobody send us money. This is not the end, we have more plan,” the group wrote.
The hacking syndicate also posted screenshots of what looks like negotiations over the ransom. While CyberServe denied having any ransom negotiation, the group allegedly refused a $500,000 payment in the images of the conversation.
Users Warned Against Downloading The Leaked File
Cyber experts have warned users not to download the database the hacking group had exposed.
The compromised data is causing some concern among the users of the Atraf site, as their privacy has been breached. Many of them have not publicly disclosed their gender identification or sexual orientation.
The group stated that it had to execute its threat after the ransom deadline it gave passed on Tuesday. The group added that the data contains the names and residential addresses of the Atraf users, including the HIV status some of the users put on their profile.
On Friday, the Israeli internet hosting company CyberServe was infiltrated, which took down its servers and several other sites, including Atraf.
Shortly after the hack, the group stated that it was motivated by money, saying that it will not expose users’ details online if it receives $1 million in crypto funds. The group added that it had users’ purchasing information and chat content.
The threat actors also noted that they had not been contacted by CyberServe or anyone in the Israeli government. They added that the reluctance to contact them shows that the hack was not important to them.
The Israeli National Cyber Directorate stated that it had notified CyberServe earlier that it was being targeted and was vulnerable to an attack.
The Attack Affected Several Other Organizations
The attack also affected other websites, including tourism company Pegasus, Kavim, a children’s museum, as well as an Israeli transportation company, Dan.
Shortly after the attack, Black Shadow claimed responsibility for it, publishing what it said was client data such as the names, email addresses, and phone numbers of the Kavim clients.
After complaining that CyberServe had not made any contact regarding the ransom payment, the group released a second set of data. This time, the data contained information about clients of Dan transportation company and travel agency.
Last year, the group was responsible for breaching the Israeli Shirbit insurance firm. Like the present ransomware attack, the group demanded $1 million from the victimized company. However, when payment was not forthcoming, it started leaking the personal information of clients of the company.