Supply Chain Cyber Attack on Strategic Logistics Software Company “Amital”
An attack on the servers at the software company Amital led to the subsequent infiltration of about 40 other Israeli logistics companies. The lack of a ransom note or any other indicator of a financially motivated attack led the investigators to believe it might be a strategic attack.
According to an article published this morning in the leading Israeli finance news site “Calcalist”, the attackers hacked into Amital’s servers and gained access to its list of customers and to credentials for accessing their networks.
Besides Amital, another 15-20 logistics companies that aren’t related to Amital were hacked, which again raises the suspicion of a national cyber attack and not cybercrime.
SUNBURST backdoor - SolarWinds supply chain attack
FireEye has uncovered a widespread campaign that we are tracking as UNC2452.
The actors behind this campaign gained access to numerous public and private organizations around the world.
They gained access to victims via trojanized updates to SolarWinds' Orion IT monitoring and management software.
This campaign may have begun as early as Spring 2020 and is currently ongoing.
Post-compromise activity following this supply chain compromise has included lateral movement and data theft.
The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.
Israel-Based Shirbit Still Refuses to Pay $3.8 Million Ransom
One of the largest insurance companies in Israel has been hit by a ransomware attack, and the threat actors have started to release sensitive data because the firm has not paid the requested ransom in bitcoin (BTC).
According to The Jerusalem Post, the Black Shadow group is behind the ransomware deployed on Shirbit's IT infrastructure on December 1, 2020, and requested a ransom of 200 BTC (over $3.8 million as of press time).
Initially, the hackers asked for 50 BTC, but the insurance company refused to comply with the attackers’ demands. Afterward, Black Shadow announced through their Telegram channel that the amount would be increased with the passage of time.
On December 3, 2020, the attackers kept their promise to leak sensitive data and published a batch of files containing employees’ and customers’ private information. They promised to stop leaking if the ransom is paid. Shirbit's customers include government entities, among them the president of the Tel Aviv District Court.