BlackShadow is a group of Iranian hackers that has carried out a number of cyber attacks in which several companies were harmed, including the insurance company Shirbit (late last year) and the server company Cyberserve, whose servers store a large amount of information belonging to many sites. Among the clients of the server company are the bus companies “Kavim” and “Dan”, the tour booking company “Pegasus”, and the dating site “Atref”.
BlackShadow’s actions against Israeli businesses are driven by financial gain, an anti-Israel agenda, and a desire for attention. Hacker groups of a similar nature exist in Iran, but the scale of BlackShadow and of the other groups is not yet known to us.
The fact that this is apparently a small group, whose goals are not in the political or military sphere, raises the question: how do they manage to do so much damage?
The answer lies in the fact that they are purposeful, and manage to exploit loopholes and weaknesses in organizations that are not properly insured. After the break-in, they threaten to publish the details in various Telegram groups if they do not receive the ransom they demanded. Although the group’s Telegram channels appear to be reported and removed, they easily open new channels and continue to pose a threat to many users.
BlackShadow looks for specific vulnerabilities, not necessarily previously unknown weaknesses, to deploy its ransomware on the victims’ network, as was the case with the details of hundreds of thousands of users of the Lines bus company who refused to pay the ransom.
Although Israel is a cyber power, it is not easy to take down focused hacker groups, especially when there are digital platforms that allow them to reappear every time. Recent cyber attacks prove that the “it will be okay” attitude no longer holds here, and that we have reached a stage where human life is at risk.
The author is VP of Marketing and Strategy at the start-up company CyberInt.