Cyber-war on Israel? ‘Iran-linked’ hacker group claims to have breached Israel Aerospace Industries’ servers

The group teased the hack last week by posting a poll, asking users to vote on which Israeli organization had the “most secure network,” with the state-owned IAI being one of the choices and winning the ‘vote.’

“I thought so too, but sometimes something changes… Stay alert!” the group’s Twitter account posted afterwards.

Pay2Key later posted what they claimed was proof they had access to IAI’s directory, as well as access information for IAI subsidiary Elta Systems Ltd. 

Reports suggest the group published a list of users on Elta Systems servers on the Dark Web, including Camila Edry, head of cyber projects development. The information leaked was not classified, but rather showed names and computer registries. It could suggest, however, that the group has access to more sensitive information. 

IAI is currently investigating the potential breach, though it claims no classified or damaging information was stolen.

Reports on Pay2Key from cybersecurity firms Check Point and Whitestream suggest the group hacks servers and holds information hostage in exchange for ransom. Some experts have cited the most recent cyberattack against Israel as being from Iran, as the Whitestream report links Pay2Key to the nation by tracking a past ransom payment to an Iranian cryptocurrency exchange. 

“We followed the sequence of transactions, which began with the deposit of the ransom and ended at what appeared to be an Iranian cryptocurrency exchange named Excoino,” the report states.

Lotem Finkelstein, head of cyberintelligence at Check Point, also suggested Pay2Key has “advanced capabilities” and could have breached IAI servers days or even weeks before announcing themselves, but insisted the attack is primarily financially motivated, though ransom demands have yet to be made.

The current cyber attack is the latest in a spike in hacks against Israel. A report from Check Point from earlier in December claimed over 100 Israeli companies had seen their servers hacked in both October and November.

Omri Segev, CEO of cybersecurity firm Profer, has closely followed and tweeted about Pay2Key’s hacks and called this latest breach claim “another escalation in this campaign.” 

If you like this story, share it with a friend!

© 2020, paradox. All rights reserved.