Iranian-backed cyberattackers have struck Israeli tech companies and educational institutions
Iranian-backed cyberattackers have struck Israeli tech companies and educational institutions
Palo Alto Networks conducted an investigation but did not disclose the identity of the victims of the attackers, the extent or scope, or the type of information stolen and deleted.
A group of attackers linked to Iran has carried out a series of cyberattacks against educational institutions and technology companies in Israel since the beginning of the year, with the aim of stealing, publishing, and deleting sensitive information such as personal data or intellectual property from the attackers' databases, according to an investigation by the cybersecurity company Palo Alto Networks. The findings of this investigation are published today.
According to the findings, the attacks began in January 2023 and intensified last month after the October 7 massacre when terrorists from the murderous terrorist organization Hamas in Gaza slaughtered over 1,400 Israeli citizens in cities and towns within Israel. The research was conducted by a team from Palo Alto Networks's R&D center in Tel Aviv and was led by the head of Palo Alto's cyber threats research team, Assaf Dahan. "We are witnessing an escalation in the Iranians' attack capabilities, both in terms of frequency and sophistication and in their focus on devastating attacks," Dahan. "These attacks involve, on one hand, stealing information from Israeli companies and institutions, and on the other hand, determined attempts to wreak havoc and paralyze the digital space."
1 View gallery
The attacks began in January 2023 and intensified last month after the October 7 massacre
According to the research findings, the attackers exploited weaknesses in the web servers of the attack targets to gain initial access to computer systems and insert their hacking tools, which stole information and deleted it from the penetrated computer systems. "The final stage of the attacks implemented a 'scorched earth' strategy, using dedicated deletion waves to render endpoints unusable and conceal the attackers' tracks."
The group of hackers behind the series of attacks is known as ‘Agonizing Serpens’, part of an Iranian-backed APT group thought to be operating since 2020. "This group is known for its destructive tools and primarily targets Israeli organizations across various sectors and countries," the study states. "Although previous reports on these attacks described them as ransom attacks, it turns out that this was a deception. In the most recent attacks, the attackers did not demand a ransom, and the potential outcomes of the attack included extensive data loss and disruptions to business continuity."
According to the researchers, the attack group has two main goals: "The first goal is to steal sensitive information, including personal identifying information and intellectual property, which is then published on social media and Telegram channels. It is likely that their motive for posting on social media is to create panic and damage the reputation of the attack's targets. The second goal is to cause significant destruction and damage by erasing as much information as possible."
Palo Alto did not disclose the identity of the victims of the attackers, the extent or scope, or the type of information stolen and deleted. However, the investigators noted that they did not identify any non-Israeli organizations among the attack group's targets.
