Months After 'anti-Israel' Cyberattack, Hacker Group Hits Another Israeli Firm

Amitai Ziv
Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Some of the information shared by Black Shadow on Telegram.
Some of the information shared by Black Shadow on Telegram.Credit: Screenshot/Telegram
Amitai Ziv

The hacker group known for hitting an Israeli insurance firm last year and leaking its data online has targeted another company and managed to steal at least some its data.

Black Shadow, which was described by experts as a hacktivist group which uses cybercrime techniques for both financial and ideological ends, hacked KLS Capital, an Israeli financing company.

Why Bibi stayed silent on High Court's landmark decision on Reform conversions: LISTEN

-- : --

KLS suggested that “Iran and its proxies” were behind the attack, which was now being dealt with together with Israel’s official cyber agency.

The hackers demanded 10 bitcoins ($600,000) in ransom from the Israeli financing firm, but it refused to pay. The hackers group then published the obtained data on their Telegram channel.

The data leaked online by the hackers shows what seems to be a breach of the firm's internal systems. Among the information leaked online were photocopies of checks and customer IDs. It seems the group has laid their hands on hundreds, and possibly even thousands, of files.

While so-called classic cybercriminals usually negotiate quietly with their victims, Black Shadow is characterized by leaking and sharing their stolen information online. This behavior has led some to question the motives behind their attacks. It seems, experts said, that the attack could have been the work of a group with ideological and anti-Israel motives rather than financially motivated.

In December, a prominent cyber security company reached out to KLS Capital and warned them of a potential leak, flagging a vulnerability linked to their use of a so-called VPN. They said there was a simple “patch” that could provide a solution, however it seems that no action was taken at the time.

In response, KLS Capital said, “The Israeli cyber authority reached out to us three days ago to warn us against a looming cyberattack against us. This attack is very similar to other attacks Iran and its proxies have conducted against Israeli targets – including private and public bodies. Our management acted immediately to take down our servers and join forces with the national cyber directorate – which together with our experts are examining the event.”

The company said the data leakage has been “resolved,” but added that its scope is still unclear "and the company will be in touch with the relevant clients.”

In early December, Shirbit, a mid-sized insurance company that provides policies for Israeli companies and government offices, was targeted by a group called Black Shadow. The attack came to light over a number of weeks and roused concern in Israel, considered a world leader in cyber defense.

The hackers managed to breach Shirbit’s computer network and steal large amounts of data from the company’s servers. They got their hands on employee pay slips, claims filed by customers – including insurance appraisers’ reports and hospital records, for example – as well as a large number of customer ID documents.

Click the alert icon to follow topics: