Cyber Toufan Operations Hacker group leaks information on Israel Ministry of Defense
While the sounds of artillery and explosions resonate on the battleground in the Gaza Strip due to the Israeli ground attack, which hasn't yet resulted in a clear victory, a silent cyber war quietly unfolds. Its battlegrounds are the internet, communication networks, and servers where Israelis don't hold a distinct advantage.
IKEA and Israeli Companies Breached:
A hacker group, self-identified as "Cyber Toufan Operations," claimed responsibility for breaching several Israeli websites last weekend and stealing multiple files from the web hosting company Signature-IT. Among its clientele were commercial entities like Ace, Shefa Online, Home Center, Auto Depot, and IKEA.
Additionally, a video surfaced on a Telegram channel in which the hackers claimed to have breached the Israeli Ministry of Defense, obtaining millions of data records concerning reserve soldiers and the Israeli army.
Reports from Yedioth Ahronoth and "Wynet" confirmed a massive breach in Signature-IT's servers. According to "Wynet," the stolen files include tens of thousands of employee and customer details along with transaction specifics carried out by the company. The motive behind this action, as per the report, appears to be intended harm rather than ransom.
Yedioth Ahronoth's report stated that the group, expressing support for the Hamas movement, managed to steal data files totaling approximately 16 gigabytes, seemingly taken from various website databases stored on the company's servers.
Signature-IT is considered one of the largest hosting companies, counting government offices, organizations, and major corporations among its clients.
Security company Check Point indicates that this event might unfold over several days, and the full extent of its impact remains unclear. They added, "We are aware that the breach itself was on Signature-IT. The leak included a database file."
It appears that the file contains information about a virtual store hosting approximately 2.2 million users who made purchases on the website.
From the analysis of the hacking data conducted by Jackie Altal, CEO of Yahav Cyber Solutions consulting firm, and the cyber forensics director at the Academic College, it seems that roughly 2.5 to 3 million records have been disclosed. These records contain at least names, email addresses, phone numbers, and addresses, with some also including the last four digits of credit cards, along with additional details provided during delivery requests. It's not yet determined whether complete credit card details or other data have been leaked.
It's worth noting that most of the corporate websites were used solely for marketing purposes, except for sites where products could be purchased online.
Defense Ministry Breach
A masked individual in a video posted by the Cyber Toufan Operations group on their Telegram account discussed the group's success in breaching the Israeli Defense Ministry, disclosing information about the Israeli military's Northern Gaza Brigade.
The masked individual began by reviewing the names of Israeli soldiers in the Northern Gaza Brigade, their military ranks, service numbers, and residential locations.
The disclosed information wasn't limited to Israeli soldiers; it was mentioned that soldiers with dual citizenship from several countries including Canada, Belgium, and Ukraine had their information and images acquired by the Islamic Resistance.
Racists and Patients
In another video, a masked member of the Cyber Toufan Operations group discussed "extremely private" information regarding Israeli soldiers' evaluations by their superiors and medical information related to them. The masked individual stated that the information they obtained reveals how the occupation army deals with its soldiers, how they are classified, and how they are evaluated.
When revealing some names, the masked individual highlighted that officers responsible for the soldiers had tagged some of them with the word "black," indicating their skin color and African origins, reflecting racial biases within the occupying army towards individuals with darker skin.
The masked person also showcased names of soldiers whose files contained embarrassing details about their personal lives and the psychological illnesses they suffer from, information mentioned by their leaders in the soldiers' confidential files accessed during the recent breach.
Among these soldiers were those whose mental health status was noted, indicating that some are grappling with serious psychological issues.
Significant Hacking Capabilities
The Israeli Ministry of Defense or Israeli media outlets haven't confirmed the Ministry's breach, unlike the confirmation in the hosting company's breach, affecting companies and commercial entities.
Although the attack on Signature-IT impacts dozens of Israeli websites, including government offices that utilized the company's service to create public-facing auxiliary websites, the breach of the Israeli Ministry of Defense signifies the group's substantial capabilities.
The attackers' identities have not been disclosed. However, according to Elan Mysel, the director of the Information Security and Cyber division at "BeInTech Computer Communications," one form of the lethal attack carried out by Hamas against Israel was also witnessed in the cyber attacks in the digital space. It appears to have been assisted by Iran, which possesses state-level capabilities for executing electronic attacks on organizations, companies, and individuals, utilizing an electronic proxy (referring to the Cyber Toufan Operations group).
Mashal stated, "During times of crisis, the threat of cyberattacks intensifies." This was reaffirmed by Check Point, which noted an 18% increase in cyberattacks on Israel in mid-October last year. Meanwhile, the Israeli economy is partially besieged due to the hundreds of thousands forced to leave their jobs amid the enlistment of reserve soldiers.
Mashal added that the escalating cyber threat and workforce shortage are impacting the Israeli cyberspace. Defense systems in organizations and companies are significant vulnerabilities in readiness against attacks and early detection difficulties. Beyond potential economic damages, awareness is growing among organizations about the damage portrayed by cyberattacks.
Mashal emphasized, "No organization or company is immune to cyber incidents. Therefore, contemporary cyber defense methodology focuses on swiftly identifying incidents, responding, and returning to normalcy as quickly as possible. Alongside enhancing employee awareness, it's crucial to adopt comprehensive solutions providing proactive and multi-layered security against threats and electronic attacks."
