Iranian hackers’ revenge: Medical data of 300k Israeli people leaked

Cybersecurity specialists reported that a hacking group possibly sponsored by the government of Iran has compromised the servers of an Israel-based web hosting platform, leading to the leak of confidential records belonging to all kinds of companies, including Machon Mor, a chain of private clinics.

The group responsible for this cyberattack has been identified as Black Shadow, which has recently been linked to other attacks on targets in Israel. While the hackers only managed to access the contact section of Machon Mor’s website, patients include a lot of information in this section.

In addition to the clinic information, the leak includes confidential records of subscribers to radio stations such as 103 FM and 104.5 FM, a furniture manufacturer and many other companies. The information displayed for each profile may vary, although personal data is included.

Apparently it all started this weekend, when Black Shadow hackers managed to compromise Cyberserve’s servers and leaked the information of users of Atraf, a dating website for the LGBTQ community in Israel. The threat actors demanded a ransom of $1 million USD in exchange for stopping their attacks; seeing that their demands were not being met, they began to leak confidential information.

Israeli authorities tried to contain the fallout from the attack by asking internet service providers to block access to any potentially compromised websites while a definitive solution was found.

Although internet companies complied with the decision, this move only momentarily interrupted the leaks, which eventually started again. A judge even tried to issue an order to block the popular messaging app Telegram, arguing that it was being used by the groups responsible for this attack, although the Israeli government does not have the legal mechanisms to ban the use of this app.

What the Israeli authorities were able to do is launch an investigation into Cyberserve and Atraf to determine whether the companies had the necessary security measures in place to contain this kind of threat, or whether any omission on their part facilitated the hackers’ work. While this investigation is under way, users of any company potentially affected by this breach have been asked to perform a password reset to prevent subsequent hacking incidents.
