Israel-Palestine-Jordan
Iranian hackers strike again, target Israeli cyber-security firm Portnox
2020-12-25
[Jpost] Portnox has a rich portfolio of hundreds of high profile clients, some considered the largest firms in the country, including defense company Elbit Systems.

The Iranian hacker group Pay2Key reportedly hacked into the Israeli cyber-security firm Portnox on Thursday, Israeli media reported.

The materials leaked by the hackers include a 15-page-long report that highlights security weaknesses in Elbit Systems. However,
the report only goes as far as the year 2018, which may mean that most of the exposed weaknesses are no longer relevant.
That would be nice.
The actual extent of the hack is still unclear at this point.

"Over a terabyte of documents, projects, coding files and others were extracted from the company's servers," the group wrote on their website on the dark web, according to Walla.

Portnox commented on the reported hack by saying that they were looking into the issue.

"In the last few hours, reports indicated a hack into the company's internal servers by a hacking group that identifies itself as Pay2Key. The company has launched a comprehensive investigation in order to gain a full picture of the incident," the Portnox statement read.

This is the second time this week that Iranian hackers claim to have managed to hack into Israeli firms based in Israel. On Sunday, the same group claimed that it successfully hacked a range of Israeli defense industry companies, including the largest Israeli airpower defense corporation, Israel Aerospace Industries.

And if Israeli companies still doubt the capabilities of this hacker group, Israeli cyber-security company Check Point has confirmed that Pay2Key is an elite hacker group that operates by stealing data and threatening to leak it if its targets do not cooperate.

Various indications on social media pointed to an ongoing hacking operation launched by Pay2Key against a range of Israeli companies, and Thursday's hack seems to support that notion.

Following Sunday's hack, the Israeli tech website Geektim reported that an unknown user operating a Twitter account called 0x972DC or @EmbeddedOle had published five photos presumably belonging to hackers from Pay2Key or to people who assisted them somehow. The tweet was accompanied by the Hebrew text: "The clock is ticking for those who assisted Pay2Key."
That would be nice, too.
In another tweet, the anonymous Israeli user wrote: "Don't think that Pay2Key are professionals or talented, they just used the zerologon weakness (or CVE-2020-1472) to gain access to the DC server of the Israel Aerospace Industries - not impressed."

The account has since been deleted.
The Times of Israel adds:
Israeli cyber security firm Check Point issued a warning about Pay2Key in November after a series of attacks on Israeli companies. The hacking group installs ransomware in its victims’ networks, which allows hackers to take control of data or systems, and threatens to leak corporate data, then demands Bitcoins as a ransom payment, the warning said. Check Point traced some of the transactions back to a Bitcoin exchange based in Iran.

On Sunday, Pay2Key claimed to have breached Israeli Aerospace Industries’ computer systems. The hacking group also mentioned a systems administrator at the defense contractor’s Elta subsidiary by name, Koby Fiada, revealing his password.

The Israeli cyber security firm ClearSky, which released a report on Pay2Key three days before the alleged IAI hack, said the group was likely an offshoot of an Iranian hacking cooperative known as Fox Kitten.

"We estimate that this campaign is part of the ongoing cyber confrontation between Israel and Iran, with the most recent wave of attacks causing significant damage to some of the affected companies," ClearSky wrote last week.

According to ClearSky, though Pay2Key purports to be an outfit specializing in ransomware, the group is in fact conducting cyberattacks on Israeli companies as part of an ongoing campaign against the Jewish state by Tehran.

"We estimate with a medium level of confidence that this campaign (Pay2Key) is part of Iran
information warfare aimed to create panic to Israel and in other countries world-wide," the cyber security company said.

The alleged hack of the Elta subsidiary came after a major cyberattack — also by Pay2Key, according to ClearSky — earlier this month hit dozens of Israeli logistics companies, with hackers making off with information from servers, according to a report of the incident by one of the victims, Amital Data, filed to the Tel Aviv Stock Exchange.

An investigation found that there may have been 15-20 additional companies, not Amital clients, that were also targeted in the attack, although the full list is still unknown, the Calcalist website reported.

Iran was believed to be the likely culprit.

There have been at least five suspected Iranian cyberattacks on Israel during 2020, including one that targeted its water infrastructure.

Iran and Israel have reportedly been engaged in a cyber war that has become more intense over the past year.

Separately, last week, hackers who had stolen a mass of personal details on clients of the Shirbit Insurance company apparently began selling the information on the internet.
Related:
Pay2Key: 2020-12-21 Suspected Iranian cyberattack targets Israel Aerospace Industries
Posted by: trailing wife
