Over 100 Israeli organizations were hacked and data leaked

A hacker group called Cyber Toufan, allegedly backed by the Palestinian state, claims to have hacked over 100 Israeli organizations through data deletion and theft operations. This is part of a comprehensive attack campaign motivated by the increasingly tense political situation in the region. 

Cyber Toufan exhibits the characteristics of a sophisticated hacker group and claims to be formed from the Palestinian state’s cyber warriors. The group has quickly gained notoriety, carrying out complex cyberattacks against high-level Israeli entities.

Cosmos Bank hacked

The group’s tactics suggest Cyber Toufan could be state-sponsored. The International Institute for Counter-Terrorism (ICT) at Reichman University noted in late November that: “This group has shown superior capabilities compared to other Hamas-affiliated Palestinian hacker groups. The group’s operations focus on compromising servers, databases, and leaking information, indicating strong support from some government, with signs pointing to Iran as the possible sponsor.”

Security researchers have tracked over 100 attacks related to Cyber Toufan’s operations, characterized by stealing large amounts of data, including personal information, and disseminating it on the web. 

The cyber intelligence firm SOC Radar wrote in a report two weeks ago: “Cyber Toufan’s attacks not only lead to massive data leaks but also serve as a form of digital retaliation, fitting larger strategic objectives in the region.”

Independent security researcher Kevin Beaumont (UK) said the hacker group leaked data from 59 organizations on its Telegram channel. However, the group may have compromised over 40 more organizations in attacks targeting managed service providers (MSPs). The data the group leaked includes complete disk images of servers, still-valid and in-use SSL certificates, SQL dumps, CRM, and even WordPress backups.

Cyber Toufan’s victims include The Israel National Archives; Israel Innovation Authority; Israel Housing Center; Israel Nature and Parks Authority; Tel Aviv Academic College; Israel Ministry of Health; Ministry of Welfare and Social Affairs, Israel Securities Authority; the companies Allot, MAX Security & Intelligence, Radware and Toyota Israel.

Some victims were unable to recover from the cyberattacks and have been offline for weeks. According to researcher Kevin Beaumont, Cyber Toufan used Shred, a tool for deleting files unrecoverable. To do this, the group ran Shred using their shell scripts to ensure the tool kept running even if terminated by admins.

Researchers also found Cyber Toufan emailed customers of the attacked organizations and the group appears to be trying to coordinate with other hacker groups for larger scale collective attacks.