Posted on November 1, 2021 at 5:05 PM
An Iranian hacking group has gained access to the servers of an Israeli web-hosting company. The hacking group has stated that it will leak this data if its demands are not met.
The Iranian hacking group is known as “BlackShadow”, and it has gained access to the servers that belong to Cyberserve, a firm that offers server and data hosting services to companies.
Breach Affects Thousands of Users
Cyberserve is one of the integral web hosting companies in Israel because of its vast user base. Some of the firms that rely on this company include the local Kan news public broadcaster, the Israel Lottery, Birthright, an LGBTQ dating app, a tour booking company, the Israeli Children’s Museum, some public transportation companies and many more.
This is not the first time that BlackShadow has been linked to data breaches. The organization has previously been linked to the hacking attack on KLS Capital and Shirbit, an Israeli insurance company. The data obtained during these two attacks was later leaked to the public after a few days.
The group took to Telegram to confirm that it was responsible for the hack, stating, “Hello again! We have news for you. You probably could not connect to many sites today. Cyberserve and their customers were harmed by us… You must be asking – what about the data? As always, we have a lot. If you do not want it to be leaked by us, contact us soon.”
Neither the hacking group nor the company has stated what the demands are. However, the fact that the hackers have called for the affected parties to contact them shows that the demand is most likely a ransom payment.
In the previous attacks, the hackers had demanded a ransom from the companies. The amount of the ransom was increased with time. However, it remains unclear whether the hackers will still use this method this time around.
Out of the compromised websites being hosted by Cyberserve, the most sensitive one is the LGBTQ dating app. The users of this app have especially raised their concerns because the hacking group has started to release the names of the individuals who have been using the application.
The Aguda Association for the LGBTQ community in Israel has urged the National Cyber Directorate to act urgently to prevent the data from being leaked. The association has stated that if the personal information of the users of that app is leaked, it will pose a danger to the users’ mental health.
On Sunday, it was reported that the hacking group had demanded a ransom payment of $1 million in digital currency to stop publishing the information acquired from the LGBTQ online. “If we have 1 million $ in our wallet in the next 48 hours, we will not leak this information, and also we will not sell it to anybody,” the statement read.
The group has already published some information acquired from the sites it had breached. The leaked information includes the profiles of around 1000 users of the Atraf dating app. Some of the leaked details include the HIV status of users, their sexual orientation and unencrypted passwords.
Over the weekend, the hacking group also leaked the details of a public transportation bus company, Kavim. The company stated that it was already aware of the breach. It also added that it had notified the Ministry of Transport and the National Cyber Directorate about the information that was vulnerable to the hackers.
In the statement, Kavim stated that it was already taking measures to ensure that it was not compromised any further by the hacking group. The company stated that it had “hired external professionals in the field to complete a comprehensive, professional and independent investigation into the incident.”
Cyberserve Had Initially Been Warned of Vulnerabilities
A statement issued by the National Cyber Directorate in Israel stated that it had previously warned Cyberserve that it was vulnerable to a hacking attack. Libi Oz, a spokeswoman for the agency, stated that the directorate had issued warnings to Cyberserve “several times” over the past year.
On the other hand, Cyberserve did not immediately respond to inquiries over the matter. However, in a statement issued on Saturday, the firm stated that it was dealing with an “Iranian cyber terror event.” This showed that it had already acknowledged the attack and was probably working to solve the matter. “From the moment we got the warning on the issue from the National Cyber Directorate, even before the incident, we cooperated fully and fulfilled all the directorate’s guidelines,” the report stated.