Israel's supply chain targeted in massive cyberattack

A hack into the servers of software company Amital Data led to an attack on some 40 of its clients, including some of the country’s largest in the logistics and importing sectors

Meir Orbach and Golan Hazani, 11:37, 13.12.20
Dozens of Israeli importers and logistics companies were struck by a severe cyberattack last weekend. The hackers managed to break into the servers of dozens of companies and penetrate Israel's supply chain. The companies that were attacked are among Israel's biggest in the logistics sector, and such an attack has the potential to severely disrupt the supply of basic commodities to the country. The stolen information may also be of strategic value to enemy states. Despite the successful hack, no ransom has yet been requested, which raises the suspicion that the attack was strategic in nature, with the aim of acquiring information on critical Israeli infrastructure.


The lion's share of the attack was conducted via Amital Data, which provides software solutions for freight forwarders, shipping agents, airline cargo sales agents, and customs brokers. The hackers broke into Amital's computers and stole its list of clients, including their login information, which they then used to hack into their systems. According to a source who spoke to Calcalist under the condition of anonymity, at least 40 of Amital's clients were hacked at some level. Some of the hacked companies are among the country's biggest in the logistics and importing sector, and some also own shares in Amital.


Cybersecurity. Photo: Courtesy


During the investigation into the Amital hack, it was discovered that there were some 15-20 further attacks on logistics companies that aren't among Amital's clients. The discovery is significant because it suggests the attackers had a methodical plan to acquire information of this kind from a large number of companies. The full list of the hacked companies is still unknown, but among Amital's clients are companies that are involved in importing sensitive military equipment. Amital tried to downplay the hack in recent days and hired a PR company in an attempt to minimize its damage.


Among Amital's clients who also own shares in the company is Fritz, one of the top three freight forwarders operating in Israel, with Rachel Bitton, Senior VP International Freight Forwarding at Fritz, also serving on Amital's board of directors. Bitton told Calcalist that her company didn’t suffer a cyberattack. Another of Amital's clients is Mentfield Logistics Israel of the Mentfield Group, which is an international freight forwarding, shipping, customs clearance and logistics services provider. The company’s website says that its customer base includes the defense industry; however, it too denied any damage or attack. Orian SH.M. Ltd, which owns shares in Amital and is traded on the Tel Aviv Stock Exchange (TASE), filed a report with the TASE on Sunday in which it wrote that information from the company’s servers has been leaked as a result of the hack, which according to its knowledge affected some 40 of Amital’s clients.


As part of its damage control, Amital has taken down its main website and replaced it with a page that says it is 'under construction'. According to Yossi Rachman, Director of Security Research at Israeli cyber company Cybereason, the attack looks to be a wide-scale intelligence operation, assuming it wasn’t random in nature. "If you take into account Amital's significance in exporting and importing to and from Israel, this resembles the Russian attack on Ukraine in 2017 with the NotPetya malware. By hacking into a popular accounting software in Ukraine, the Russians managed to paralyze the Ukrainian economy for several days."


Lotem Finkelstein, Threat Intelligence Group Manager at cybersecurity giant Check Point, said it is no coincidence we are witnessing an increased number of attacks on Israeli companies. "This is the result of attack groups with advanced capabilities identifying the success of others in attacking Israeli organizations and their wish to also grab a share of the loot," explained Finkelstein. "Most of the recent notable incidents were ransomware attacks, but while these are a significant part of the total number of hacks they aren't the only type of attack."


Finkelstein noted that there has been a steady increase in the number of attacks against Israeli organizations over the past six months. While in July the number of cyberattacks against Israeli organizations was estimated at 19,000, in November that figure reached 33,600, an increase of 74%.


Amital Data said in response to the report: "Two weeks ago the company's defensive systems identified attempts to attack the company's computers, as well as those of some of its clients. The incident is part of a chain of events at a national level that are being investigated and monitored by the Israel National Cyber Directorate. As part of the company's protocol, the company's defense layers were strengthened and a dedicated operations room was set up in order to address any related issue. The company is using the assistance of experts in the cybersecurity sector in order to contain the incident. At this stage, there is isolated damage. We will regularly update on any development."


Mentfield said in response: "After we learned that the Amital servers had been breached we checked all of our systems via a cyber expert and we received a green light to continue and operate all our servers without fear. Our servers are clean, protected and safe."