Czechs Shut Down Servers That Hezbollah Used for Espionage

Operators of fake profiles would persuade victims via Facebook to download ‘more secure’ apps for continuing their conversations, the website ZDNet reports

Oded Yaron
A fake Facebook profile that Hezbollah allegedly used to lure cyberespionage victims. Credit: BIS/ZDNet

The Czech counterintelligence agency has identified and shut down servers that Hezbollah was using for cyberespionage, the website ZDNet reported Tuesday.

A statement issued by the agency last week said the servers were discovered through an operation by the Czech Republic’s Security Intelligence Service, known as BIS, and unidentified partners.

BIS said the servers were “almost certainly” operated by Hezbollah.

“I cannot comment on the details, but I can confirm that BIS has played a significant role in identifying and uncovering the hackers’ system,” said Michal Koudelka, the agency’s director. “We identified the victims and traced the attack to its source facilities. Hacker servers have been shut down.”

The agency said only some of the servers were in the Czech Republic. Others were in other European Union countries and the United States.

According to a Czech media report, the hackers were based in the Middle East, which is presumably why the command-and-control facilities were also in that region. Many of the targets were Middle Eastern as well, though the statement did not mention Israel specifically. But some of the targets were in other places, including eastern and central Europe.

Researchers from the Israeli cybersecurity firm Check Point reported in 2015 that Hezbollah had carried out a successful cyberespionage operation, even if it was not very sophisticated. That attack, nicknamed Volatile Cedar, targeted the computers of companies with ties to defense agencies.

The Czech agency’s description of the latest operation sounds very similar to a Hamas operation that the Israel Defense Forces and Shin Bet security service uncovered last year, additional cases of which cybersecurity firms discovered this July.

The alleged Hezbollah operation, like the one reported in July, began in 2017. The Czech servers were used to download apps that contained spyware.

The apps were distributed via fake Facebook profiles, most of them of attractive young women. The operators of these profiles would contact the victims via Facebook and persuade them to download “more secure” apps for continuing their conversations.

The spyware in these apps, like the spyware employed by Hamas, gave the operators complete access to the victim’s smartphone, including GPS data, private messages, phone calls and contact lists, and the ability to make secret recordings.
