Iranian Hackers Hit H&M Israel as Local Firms Fight New Wave of Cyberattacks

At least four Israeli companies, one NGO may have been targeted by what experts say could be a new attack by the Iranian group that was behind previous hacks

Amitai Ziv
Amitai Ziv
Send in e-mailSend in e-mail
Employees watch electronic boards to monitor possible ransomware cyberattacks by hackers. Illustration
Employees watch electronic boards to monitor possible ransomware cyberattacks by hackers. IllustrationCredit: Yun Dong-jin,AP
Amitai Ziv
Amitai Ziv

Israel is in the midst of a new wave of cyberattacks, some six months after over 80 Israel companies were targeted in a string of ransom attacks that experts said were ideologically and not financially motivated.

At least four Israeli companies have been hit and one nonprofit may have been targeted by what experts say may be a new attack by the Iranian hacking group that was also involved in the previous hacks.

On Sunday, a group of hackers identifying themselves as Networm (stylized as N3tw0rm) posted the logo of H&M Israel to their website on the so-called dark web, implying that the company has been hit by the hackers.

Networm may actually be Pay2Key - a group of allegedly Iranian hackers involved in an attack on over 80 Israel firms a few months agoCredit: Screen capture

Over the weekend, the logo of another Israeli firm, called Veritas Logistic, was also added to the site. Hackers are threatening to publish 110 gigabytes of H&M Israel's data and 9 gigabytes of Veritas' - which includes details on its clients, invoices, workers details and perhaps also payment information such as credit cards - if a ransom is not paid out. For Veritas' data, the hackers are requesting 3 bitcoin (almost $170,000) by May 3.

Veritas and now H&M are only one of a number of similar incidents taking place. Over the weekend, before H&M Israel, Shay Pinsker from the cyberdefense firm OP Innovate said that “we are currently the response team for three different victims.”

>> Israel prepares for Iranian cyberattack. But here's the real threat <<

According to Pinsker, who spoke before the attack on the nonprofit which may be unconnected, the Networm hackers are very likely Pay2Key - a hacking group that previously targeted Israel during the last wave of cyberattacks and have now just changed their name.

“We believe this is an Iranian attacker pretending to be a Russian one,” Pinsker says. They hit Israeli firms that are part of the supply-chain, he says. Hacking these companies, which provide services to large number of other firms, would allow access to scores of victims that cannot be reached directly.

Networm hackers claim to have hit H&M Israel and Veritas Logistics as part of new wave of cyberattacks against israelCredit: Screen capture

“The attack began on April 18 and it seems to be mostly politically motivated. The attackers are asking for ransom, but in negotiations it became clear they have no real intention of releasing the data,” he says.

This is the same pattern reported with Pay2Key, which used techniques associated with the world of cybercrime but was actually motivated by political or ideology ends. While cybercriminals steal data in return for a ransom payment, recent incidents of so-called hacktivism against Israeli firms saw attackers use negotiations to buy time and cover their true intentions.

Experts even spoke with Haaretz at the time about the spillover from the world of cybercrime into the world of offensive cyber attacks or even cyberespionage. At the time of the Pay2Key attacks, experts said the hacks were not actually financially motivated but were rather intended to cause fear and undermine Israel’s status as a cyber powerhouse by using techniques associated with cybercrime.

There is a clear similarity between the previous wave and the current one, both in terms of their goals and the techniques they use, Pinsker says, adding: “The current attacker is an evolution of the one we saw in November,” when Israeli insurance firm Shirtbit, as well as others, were hacked.

Meanwhile, a source in Matav, an Israeli nonprofit focused on welfare services, said their computer systems were down for 48 hours in wake of an attack that was halted before any real damage was caused. The NGO provides welfare services to over 30,000 Israeli senior citizens with a roster of almost 20,000 social workers with a budget of 1.2 billion shekel.

“We recently discovered a security breach into the organizations. The event did not include any leak of sensitive information from within our system thanks to preventive measures on our part and our defense systems,” the organization said, and thanked One Security for its ongoing cybersecurity services. “The incident was addressed immediately with no harm to the organization.”

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN


Palestinians search through the rubble of a building in which Khaled Mansour, a top Islamic Jihad militant was killed following an Israeli airstrike in Rafah, southern Gaza strip, on Sunday.

Gazans Are Tired of Pointless Wars and Destruction, and Hamas Listens to Them

Trump and Netanyahu at the White House in Washington, in 2020.

Three Years Later, Israelis Find Out What Trump Really Thought of Netanyahu

German soldier.

The Rival Jewish Spies Who Almost Changed the Course of WWII

Rio. Not all Jewish men wear black hats.

What Does a Jew Look Like? The Brits Don't Seem to Know

Galon. “I’m coming to accomplish a specific mission: to increase Meretz’s strength and ensure that the party will not tread water around the electoral threshold. If Meretz will be large enough, it will be the basis for a Jewish-Arab partnership.” Daniel Tchetchik

'I Have No Illusions About Ending the Occupation, but the Government Needs the Left'

Soldiers using warfare devices made by the Israeli defense electronics company Elbit Systems.

Russia-Ukraine War Catapults Israeli Arms Industry to Global Stage