At the end of 2020, the "Shirbit" company suffered a widespread cyber attack in which attackers managed to steal sensitive information belonging to many policyholders. The attack group, which then identified itself as Black Shadow, demanded a ransom from the company, but it quickly became clear that the attackers were not looking for money and that their main goal was to cause maximum damage to entities in Israel.
In 2021, the "Black Shadow" group continued its attacks against Israel when it hacked the Cyber Serve company and published information from the "Atref" website and other websites.
Even then, some already associated the group with Iran or claimed that it was identified with Tehran.
At the same time, the group recently changed its name to Malek Team.
Despite the change, various research bodies, including the Israeli cyber system, managed to get to the source and identified it as the Agrius attack group, which works in close cooperation with the Iranian intelligence system.
The Iran International channel, which is affiliated with the opposition in the country, recently revealed new details about the group and claimed that it operates under the guise of a high-tech company in Tehran.
It is also claimed that the group is operated by the country's intelligence system and is the one behind the cyber attack that hit the "Ziv" hospital last November.
Ziv Hospital in Safed, one of the prominent victims of the "Black Shadow" group. Photo: Ancho Ghosh, Gini
Iron Swords and the Shadow
On October 8, the day after Hamas's surprise attack on Israel, the Agrius group revealed that it had managed to break into the servers of Ono Academic College and published the stolen information on Telegram and other platforms.
In the weeks that followed, the group managed to break into the companies "Dori Media", "Gev Systems", the "Ziv" hospital and the "Beit Handesai" association.
According to Usher Ashur, director of the cyber division at the consulting firm AUREN Israel, "The cyber system, in cooperation with other entities, is constantly trying to reduce the scope of the information leak by closing the channels and platforms where the group publishes the information it stole.
In most cases, unfortunately, it is a battle lost in advance, when even at these moments the information stolen from the various entities can be found online."
Usher Ashur, director of the cyber division at the consulting firm AUREN Israel. Photo: Yaniv Cohen
"The start of the group's latest campaign, close to October 7, is not accidental. The group had access to information of Israeli companies even before that, but chose to publish the information close to it, which may indicate that the group knew that such an attack was about to break out and expected that a cyber attack at the same time would intensify the chaos," he claims.
Ashur adds that "groups that are funded and operate on behalf of states possess resources that 'standard' attackers do not have. At the same time, these attackers also often take advantage of known weaknesses in systems, which can be reduced through proper information security processes such as updating systems, monitoring suspicious network operations and installing systems that prevent the removal of sensitive information from the corporate network."