12.11.2024, 19:23
Quote: Inside the Handala Hack: Iranian Cyber Warfare and the Rise of Wiper Attacks Targeting Israeli Systems
https://op-c.net/blog/handala-hack-cyber...on-israel/
...
Throughout 2024, Handala has launched a number of high-impact cyberattacks on Israeli critical infrastructure.
Some of the most notable ones have included:
- DRS RADA & Israeli Radar Systems Breach: Handala allegedly breached DRS RADA, one of the leading providers of radar systems for Israel’s defense sector, potentially compromising the Iron Dome system.
- MyCity Application False Messages: In June, Handala targeted civilians by sending alarming SMS messages to residents of Ma’ala Yosef regional council. These messages included a link to a compromised version of the MyCity mobile app, which, if downloaded, would allow Handala to further infiltrate the device.
- Wiper Malware Campaign: On July 20th, Handala launched a mass phishing campaign that used CrowdStrike-themed emails as lures. The emails appeared to be urgent security alerts from the reputable cybersecurity firm, but included links that downloaded wiper malware, a destructive tool designed to erase or corrupt data on infected systems.
Over the last few months, their activity has ramped up even more, with a focus on key political figures and strategically significant institutions. Here is a breakdown of the most recent attacks:
Israeli politicians email attacks (September & October, 2024)
Since September 2024, Handala has orchestrated a series of high-profile email breaches targeting prominent Israeli politicians. These attacks are likely to continue as Handala seeks to expose sensitive information related to Israel’s national security, defense strategies, and foreign relations.
The list of targeted politicians includes:
- Ron Prosor – Israeli ambassador to Germany and former Mossad officer. Handala leaked 50,000 emails from Prosor’s account, exposing sensitive diplomatic communications.
- Ehud Barak – Former Israeli prime minister. Handala leaked 110,000 emails from Barak’s personal and official accounts.
- Gabi Ashkenazi – Former Minister of Foreign Affairs and Chief of General Staff of the Israeli Armed Forces. The breach included 60,000 emails from Ashkenazi’s account, exposing communications that could disrupt Israel’s foreign policy efforts.
- Benny Gantz – Former Defense Minister. Handala leaked 35,000 emails and 2,000 private photos of Gantz, revealing internal defense discussions.
Soreq Nuclear Research Center (September 28, 2024)
Handala targeted Israel’s Soreq Nuclear Research Center, a critical facility for nuclear research. The group claims to have stolen comprehensive data, including emails, sensitive infrastructure blueprints, personnel information, and administrative documents. This breach poses serious risks for national security, as the stolen data could reveal vulnerabilities within Israel’s nuclear infrastructure, potentially compromising its nuclear capabilities.
Shin Bet (October 3, 2024)
In early October, Handala infiltrated Shin Bet’s security system responsible for monitoring officers’ phones. Handala claimed to have installed malware on these devices, gaining access to confidential information of approximately 30,000 officers, as well as communication logs.
Israeli Industrial Batteries – IIB (October 6, 2024)
On October 6, Handala infiltrated Israeli Industrial Batteries (IIB), a key supplier of energy storage infrastructure to Israel’s defense and military sectors. The group leaked 300GB of sensitive data, including technical specifications, client information, and operational logistics. This breach threatens Israel’s defense supply chain, particularly impacting the military’s reliance on secure, energy-dependent technologies.
Max Shop (October 8, 2024)
Max Shop is a terminal system used in over 9,000 stores across Israel. On October 8th, Handala breached the Max Shop network and dumped 1.5TB of data, including financial transactions and customer details. Handala also defaced kiosk screens and sent threatening messages to over 250,000 Israeli citizens via SMS.
AGAS (October 28, 2024)
AGAS, one of Israel’s largest providers of cloud and cybersecurity services, was breached by Handala on October 28. The hack compromised 74 servers, exposing critical data from over 500 organizations, including government agencies and major corporations. This attack demonstrated Handala’s capacity to infiltrate supply chain networks, threatening not just AGAS but its clients who rely on its secure services for their operations.
Elad Municipality (November 3, 2024)
One of their most recent attacks affected the Elad Municipality on November 3. The hack wiped servers and exposed over 3TB of confidential data, paralyzing municipal operations and community services. The personal data of residents was also exposed.
You can see a summary of all the confirmed attacks here, listed in reverse chronological order (latest first).
Huh? Israel seems to have turned into a self-service shop for Iranian hackers.