Iranian Hackers Hit H&M Israel as Local Firms Fight New Wave of Cyberattacks

At least four Israeli companies, one NGO may have been targeted by what experts say could be a new attack by the Iranian group that was behind previous hacks

Send in e-mailSend in e-mail
Employees watch electronic boards to monitor possible ransomware cyberattacks by hackers. Illustration
Employees watch electronic boards to monitor possible ransomware cyberattacks by hackers. IllustrationCredit: Yun Dong-jin,AP

Israel is in the midst of a new wave of cyberattacks, some six months after over 80 Israel companies were targeted in a string of ransom attacks that experts said were ideologically and not financially motivated. 

At least four Israeli companies have been hit and one nonprofit may have been targeted by what experts say may be a new attack by the Iranian hacking group that was also involved in the previous hacks.

On Sunday, a group of hackers identifying themselves as Networm (stylized as N3tw0rm) posted the logo of H&M Israel to their website on the so-called dark web, implying that the company has been hit by the hackers.

Networm may actually be Pay2Key - a group of allegedly Iranian hackers involved in an attack on over 80 Israel firms a few months agoCredit: Screen capture

Over the weekend, the logo of another Israeli firm, called Veritas Logistic, was also added to the site. Hackers are threatening to publish 110 gigabytes of H&M Israel's data and 9 gigabytes of Veritas' - which includes details on its clients, invoices, workers details and perhaps also payment information such as credit cards - if a ransom is not paid out. For Veritas' data, the hackers are requesting 3 bitcoin (almost $170,000) by May 3. 

Veritas and now H&M are only one of a number of similar incidents taking place. Over the weekend, before H&M Israel, Shay Pinsker from the cyberdefense firm OP Innovate said that “we are currently the response team for three different victims.” 

>> Israel prepares for Iranian cyberattack. But here's the real threat <<

According to Pinsker, who spoke before the attack on the nonprofit which may be unconnected, the Networm hackers are very likely Pay2Key - a hacking group that previously targeted Israel during the last wave of cyberattacks and have now just changed their name. 

“We believe this is an Iranian attacker pretending to be a Russian one,” Pinsker says. They hit Israeli firms that are part of the supply-chain, he says. Hacking these companies, which provide services to large number of other firms, would allow access to scores of victims that cannot be reached directly.

Networm hackers claim to have hit H&M Israel and Veritas Logistics as part of new wave of cyberattacks against israelCredit: Screen capture

“The attack began on April 18 and it seems to be mostly politically motivated. The attackers are asking for ransom, but in negotiations it became clear they have no real intention of releasing the data,” he says.

This is the same pattern reported with Pay2Key, which used techniques associated with the world of cybercrime but was actually motivated by political or ideology ends. While cybercriminals steal data in return for a ransom payment, recent incidents of so-called hacktivism against Israeli firms saw attackers use negotiations to buy time and cover their true intentions. 

Experts even spoke with Haaretz at the time about the spillover from the world of cybercrime into the world of offensive cyber attacks or even cyberespionage. At the time of the Pay2Key attacks, experts said the hacks were not actually financially motivated but were rather intended to cause fear and undermine Israel’s status as a cyber powerhouse by using techniques associated with cybercrime. 

There is a clear similarity between the previous wave and the current one, both in terms of their goals and the techniques they use, Pinsker says, adding: “The current attacker is an evolution of the one we saw in November,” when Israeli insurance firm Shirtbit, as well as others, were hacked.  

Meanwhile, a source in Matav, an Israeli nonprofit focused on welfare services, said their computer systems were down for 48 hours in wake of an attack that was halted before any real damage was caused. The NGO provides welfare services to over 30,000 Israeli senior citizens with a roster of almost 20,000 social workers with a budget of 1.2 billion shekel.

“We recently discovered a security breach into the organizations. The event did not include any leak of sensitive information from within our system thanks to preventive measures on our part and our defense systems,” the organization said, and thanked One Security for its ongoing cybersecurity services. “The incident was addressed immediately with no harm to the organization.”

Comments