Cyber Toufan goes Oprah mode, with free Linux system wipes of over 100 organisations
For the past 6 or so weeks, I’ve been tracking Cyber Toufan on Telegram. They appeared in November, and they’ve been very busy and very naughty boys. They actually set up their infrastructure around October, and started owning things apparently undetected.
They’re not a lame DDoS pretend hacktivist group like NoName016 — instead, they claim to be Palestinian state cyber warriors. (Might they be Iran? Who cares?). They target orgs with interests in Israel.
They’ve been wiping systems — a lot of them — and dumping stolen data online.
To lay it out, several factors got my attention as this being unusual:
- They’re not ransomware or DDoS kids.
- They’ve compromised a lot of orgs.
- They’ve caused so much damage that many of the orgs — almost a third, in fact, haven’t been able to recover. Some of these are still fully offline over a month later, and the wiped victims are a mix of private companies and Israeli state government entities.
- I am tracking 59 orgs where they have released data dumps, and a further 40 or so who got hit in a mass MSP (Managed Service Provider) wipe.
- Three of the victims are cybersecurity vendors, and I suspect they may have access to another larger infosec vendor that they haven’t disclosed.
- Data they have published includes a complete server disk image, SSL certificates with private keys to a host of domains (which still haven’t been revoked and are still in use), SQL and CRM dumps. Even WordPress backups, as apparently people build CRMs on WordPress nowadays (I’m old).
The primary victims
ACE Israel
Shefa Online
Israeli National Archive
Radware
MAX Sec
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from DoublePulsar – Medium
Read the original article: