On video: Ambassador Erdan at the UN: "Iranian terrorism will reach all of you" 01.23.24/without
The breach that affected dozens of colleges and put at risk the details of hundreds of thousands of citizens in the country has increased in severity: last week (Tuesday) the hackers carried out their threat and began publishing the data they collected, including personal details and hundreds of photographs of Israeli citizens' identity cards.
The vulnerability was known as early as July 2023, yet was not fully addressed, if at all.
In recent days, Iranian hackers broke into the IT systems of many colleges in Israel, collected a lot of data, some of it private, and boasted about it on social media.
The hack was carried out in the form of hacking the supply chain: the hackers penetrated the IT system of Rushim, a subsidiary of Melam Timm, and from there - to its customers.
The attackers are members of the Nemesis Kitten group, which is sometimes designated as DEV-0270 and is a subgroup of the Iranian threat actor Phosphorus.
In the past, it was known as someone who carries out malicious network operations, including extensive vulnerability scanning, with the backing and patronage of the Iranian government.
In 2022, the group was revealed to have conducted several ransom attack campaigns, the purpose of which was not to receive ransom money, but to gain access to the computer systems of the victims.
In recent days, the members of the group have been bragging about their success on Darknet and social media.
One of the videos they published shows how they penetrated the management system of Rasim and deleted material that is on the company's servers.
According to the hackers, the databases to which they were able to gain access include, among others, Ariel College, Sapir College, Beit Berel, Daat Nissim, Gur Ashdod, Hamada Academic College, Israel College, Police College in Beit Shemesh and Sakhenin College.
This danger exists in a big way/screenshot, official website
After the hackers previously published metadata - that is, the names of files and folders, in recent days they have started publishing the data itself, such as photographs of identity cards with the date of issuance of the certificate - which impairs the ability to verify that the document is indeed genuine.
Thus, the attackers also reached the files, and not just the information.
This means that it is not just personal details, but identification documents, which make it possible to carry out diverse and dangerous actions on behalf of the victims, by gaining access to sensitive details such as military service.
A security researcher contacted the National Cyber System already in the second half of last year and reported the hack, in addition to other reports.
Despite this, nothing was done in the national cyber system and in the Rushim company to correct it or publish it.
Worse than that, even after publication, the breach is still alive and well in some places, among customers who have not patched it.
Thus, it is still possible to harvest the private and personal data of hundreds of thousands of the country's citizens who have taken courses in colleges, or have considered taking courses and have provided their details.
The National Cyber Organization stated that "Roshim Company and the National Cyber Organization are working in cooperation in everything related to the handling of the cyber incident. The organization worked with the company in light of the report on the weaknesses. The organization was updated on the incident, and also passed on instructions for the protection of customers. A warning on the matter will be issued as necessary."
In 2020, Malam Tim acquired Roshim - planning and implementation of information systems, which offers computing solutions in the field of academic administration for institutions of higher education, and management of training and skills in organizations.
Roshim was established in 1998 and provides solutions for academic, educational and training organizations.
The system of its development has more than 200 thousand users - students, employees, lecturers, instructors, as well as administrative and management employees.
The company's clients include prominent academic bodies in Israel, including Ariel University, Oranim College, Al Qasmi College, the Kibbutzim Seminary, David Yelin College, Sami Shimon College in the Negev, Tel Hai College, Levinsky College, the Holon Institute of Technology (HIT) and dozens of other colleges.
The company's solution is also implemented in the large training bodies of the National Police College and the Airports Authority.
Rashim recently issued a new software version, which according to the company closes the loophole and prevents data harvesting, but some customers have not implemented it, and therefore remain hacked.
More on the same topic:
hackers