Israel | Breaking Cybersecurity News | The Hacker News

Israeli Entities Targeted by Cyberattack Using Donut and Sliver Frameworks

Jul 03, 2024 Cyber Attack / Malware
Cybersecurity researchers have discovered an attack campaign that targets various Israeli entities with publicly-available frameworks like Donut and Sliver. The campaign, believed to be highly targeted in nature, "leverage target-specific infrastructure and custom WordPress websites as a payload delivery mechanism, but affect a variety of entities across unrelated verticals, and rely on well-known open-source malware," HarfangLab said in a report last week. The French company is tracking the activity under the name Supposed Grasshopper. It's a reference to an attacker-controlled server ("auth.economy-gov-il[.]com/SUPPOSED_GRASSHOPPER.bin"), to which a first-stage downloader connects. This downloader, written in Nim, is rudimentary and is tasked with downloading the second-stage malware from the staging server. It's delivered by means of a virtual hard disk (VHD) file that's suspected to be propagated via custom WordPress sites as part of a drive-
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

May 20, 2024 Cyber Attack / Threat Intelligence
An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been identified as being behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively. Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also referred to as Storm-0842 (formerly DEV-0842) by Microsoft. "There are clear overlaps between the targets of Void Manticore and Scarred Manticore, with indications of systematic hand off of targets between those two groups when deciding to conduct destructive activities against existing victims of Scarred Manticore," the company said in a report published today. The threat actor is known for its disruptive cyber attacks against Albania since July 2022 under the name Homeland Justice that involve the use of bespoke wiper malware called Cl Wiper and No-Justice (aka LowEraser). Similar wiper malware attacks have also targeted Wi
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

Nov 10, 2023 Cyber Attack / Cyber Threat
A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name Imperial Kitten, and which is also known as Crimson Sandstorm (previously Curium), TA456, Tortoiseshell, and Yellow Liderc. The latest findings from the company build on prior reports from Mandiant, ClearSky, and PwC, the latter of which also detailed instances of strategic web compromises (aka watering hole attacks) leading to the deployment of IMAPLoader on infected systems. "The adversary, active since at least 2017, likely fulfills Iranian strategic intelligence requirements associated with IRGC operations," CrowdStrike said in a technical report. "Its activity is characterized by its use of social engineering, particularly job recruitment-themed content, to deli
Iranian Hackers Launch Destructive Cyber Attacks on Israeli Tech and Education Sectors

Nov 06, 2023 Cyber War / Malware
Israeli higher education and tech sectors have been targeted as part of a series of destructive cyber attacks that commenced in January 2023 with an aim to deploy previously undocumented wiper malware. The intrusions, which took place as recently as October, have been attributed to an Iranian nation-state hacking crew it tracks under the name Agonizing Serpens, which is also known as Agrius, BlackShadow and Pink Sandstorm (previously Americium). "The attacks are characterized by attempts to steal sensitive data, such as personally identifiable information (PII) and intellectual property," Palo Alto Networks Unit 42 said in a new report shared with The Hacker News. "Once the attackers stole the information, they deployed various wipers intended to cover the attackers' tracks and to render the infected endpoints unusable." This includes three different novel wipers such as MultiLayer, PartialWasher, and BFG Agonizer, as well as a bespoke tool to extract inf
Pro-Hamas Hacktivists Targeting Israeli Entities with Wiper Malware

Oct 30, 2023 Cyber War / Malware
A pro-Hamas hacktivist group has been observed using a new Linux-based wiper malware dubbed BiBi-Linux Wiper, targeting Israeli entities amidst the ongoing Israeli-Hamas war. "This malware is an x64 ELF executable, lacking obfuscation or protective measures," Security Joes said in a new report published today. "It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions." Some of its other capabilities include multithreading to corrupt files concurrently to enhance its speed and reach, overwriting files, renaming them with an extension containing the hard-coded string "BiBi" (in the format "[RANDOM_NAME].BiBi[NUMBER]"), and excluding certain file types from being corrupted. "While the string 'bibi' (in the filename), may appear random, it holds significant meaning when mixed with topics such as politics in the Middle East, as it is a common nickname used
App Used by Israel's Ruling Party Leaked Personal Data of All 6.5 Million Voters

Feb 11, 2020
An election campaigning website operated by Likud―the ruling political party of Israeli Prime Minister Benjamin Netanyahu―inadvertently exposed personal information of all 6.5 million eligible Israeli voters on the Internet, just three weeks before the country is going to have a legislative election. In Israel, all political parties receive personal details of voters before the election, which they can't share with any third party and are responsible for protecting the privacy of their citizens and erasing it after the elections are over. Reportedly, Likud shared the entire voter registry with Feed-b, a software development company, who then uploaded it to a website (elector.co.il) designed to promote the voting management app called 'Elector.' According to Ran Bar-Zik, a web security researcher who disclosed the issue, the voters' data was not leaked using any security vulnerability in the Elector app; instead, the incident occurred due to negligence by the softw
Hackers Are Using Android Malware To Spy On Israeli Military Personnel

Feb 17, 2017
A group of highly sophisticated state-sponsored hackers is spying on the Israeli military by hacking into the personal Android phones of individual soldiers to monitor their activities and steal data. Newly released research by Lookout and Kaspersky suggests that more than 100 Israeli servicemen from the Israeli Defense Force (IDF) are believed to have been targeted with spyware. Dubbed ViperRAT, the malware has specifically been designed to hijack Israeli soldiers' Android-based smartphones and remotely exfiltrate data of high value, including photos and audio recordings, directly from the compromised devices. Modus Operandi Identified According to the security firms, IDF personnel had been compromised by social engineering techniques — where the soldiers were lured via Facebook Messenger and other social networks into entering communications with hackers who posed as attractive women from various countries like Canada, Germany, and Switzerland. The soldiers were th
Super 'Stuxnet' Malware development in progress to destroy Iran’s nuclear program

Dec 03, 2013
Saudi Arabia and Israel's Mossad intelligence division are reportedly collaborating to develop a computer worm more destructive than the Stuxnet malware to spy on and destroy the software structure of Iran's nuclear program. The Iranian Fars news agency has reported: "Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel's Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on November 24 to increase the two sides' cooperation in intelligence and sabotage operations against Iran's nuclear program." "One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet to spy on and destroy the software structure of Iran's nuclear program." But Why? The report claims that Saudi Arabia and Israel were not particularly happy with the deal between Iran and the Group 5+1 (the US, Russia, China, France and Britain plus Germany) and Israel has dubbed the deal as "historic mista
Israeli Road Control System hacked, caused Traffic jam on Haifa Highway

Oct 28, 2013
Israel is considered one of the most advanced countries in cyber security, but at the same time is a privileged target for hostile governments intent on sabotage and cyber espionage on its technology. Yesterday, cybersecurity experts revealed that a major artery in Israel's national road network located in the northern city of Haifa suffered a cyber attack that caused massive traffic congestion in the city. Israeli military officials are aware of cyber threats that could hit the infrastructure of the country and they fear the possible effect of a cyber attack on a large scale. Israeli government websites suffer thousands of cyberattacks each day, according to Ofir Ben Avi, head of the government's website division. The Israel Electric Corp. confirmed that its servers register about 6,000 unique computer attacks every second. In June, Prime Minister Benjamin Netanyahu stated that Iran militia, Hezbollah and Hamas have targeted on numerous occasions Israel
Thousands of Israeli websites hacked by Pakistani hackers for Palestine supports

Aug 14, 2013
A cyber attack campaign by Pakistani hackers is ongoing and targeting thousands of Israeli websites in support of the Palestinian people. They have reportedly already infiltrated 650 Israeli websites, listed on Pastebin, and uploaded their page with custom messages to the servers. The hacker told 'The Hacker News' that they will release more lists of hacked websites soon. The hacker behind the massive attack gave his online name as "H4x0r HuSsY", and the message says, "LONG LIVE PALESTINE - PAKISTAN ZINDABAD HAPPY INDEPENDENCE DAY TO & FROM TEAM MADLEETS". The hacked websites belong to semi-government, personal and Israeli corporate owners. At the time of writing, most of the websites still have the deface page uploaded to their server. A few months back, hackers worldwide, and especially the Anonymous group, declared a massive 'cyber war' on Israel after the IDF threatened to cut off internet in Gaza.
Snowden Confirms Stuxnet Malware developed by NSA and Israel Together

Jul 08, 2013
In an interview with Germany's Der Spiegel Magazine, American whistleblower Edward Snowden has confirmed that the Stuxnet malware was developed by the NSA and Israel together. Stuxnet made international headlines in 2010 for specifically targeting a uranium enrichment facility in Natanz, Iran. Stuxnet was designed to make the centrifuges spin out of control and cause physical damage to the plant in Natanz. Stuxnet temporarily disabled 1,000 centrifuges that the Iranians were using to enrich uranium. Asked whether the NSA collaborates with Israel, Snowden said: "Yes, all the time. The NSA has a large section for that, called the FAD - Foreign Affairs Directorate." "The NSA and Israel wrote Stuxnet together," Snowden said when asked if the NSA had any involvement in the Stuxnet program. Last year an even more complex computer virus called Flame was discovered and while initially it was not linked to Stuxnet, further investigation by Kaspersky Labs identified a
Israel preparing Cyber Iron Dome Shield

Jan 02, 2013
Israel's Prime Minister officially opened a new national program to train teenagers in the art of cyberwarfare. The program, named "Magshimim Le'umit", is to prepare them for their future role in the military and intelligence community. Israeli Prime Minister Binyamin Netanyahu said the country's computer systems are facing attacks from Iran and other countries, and such attacks are set to increase in the digital age. The new program will accept outstanding pupils aged between 16 and 18 and train them to intercept malicious attacks through a three-year course. Cyber security has become a national priority in Israel, with significant resources being invested in protecting the military and civilian computing networks. Benjamin Netanyahu revealed plans to create a "digital Iron Dome" to protect vital infrastructure from hackers and viruses, like last November, when Israel was under heavy cyber attacks from hacktivist group Anonymous as the latte prot
#opIsrael - Hackers hit Israel with mass Cyber Attack over Gaza

Nov 19, 2012
Protesting against attacks taking place on Gaza, Anonymous hackers have attempted to hack most Israeli websites in the past few days. "government and private websites are under siege from hackers, who have mounted 44 million cyberattacks in less than a week", the government said. Today, Pakistani hackers also defaced Israeli Bing, MSN, Skype, Live and other big sites, and in a counter-attack, Israeli hackers leaked credit card data from a Palestine ISP website. Finance Minister Yuval Steinitz said just one hacking attempt was successful on a site he did not want to name, but it was up and running after 10 minutes of downtime. Israel said that it generally experiences a few hundred hacking attempts per day. The attacks are reportedly coming from around the world. Defence force sites have been the hardest hit, while the president's site has been hit 10-million times, the foreign ministry seven-million times and the prime minister three-million times. Both sides have been act