Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Israel. Show all posts
Technology
attacks Iran Israel surveillance Technology

Iran Attacks Israeli Cybersecurity Infrastructure


The National Cyber Directorate found a series of cyberattacks that targeted Israeli organisations that offer IT services to companies in the country, and might be linked to Iran.

Earlier this month, the failed cyberattack against Shamir Medical Center on Yom Kippur leaked emails that contained sensitive patient information. The directorate found it to be an Iranian attack disrupting the hospital's functions.

Fortunately, the attack was mitigated before it could do any damage to the hospital's medical record system.

The directorate found that threat actors used stolen data to get access to the targeted infrastructure. Most attacks didn't do any damage, some however, caused data leaks. Due to immediate communications and response, the incidents were addressed quickly. “In the case of Shamir Medical Center, beyond the data leak, the very attempt to harm a hospital in Israel is a red line that could have endangered lives,” the directorate said. 

European gang behind the attack

First, a ransomwware gang based out of Eastern Europe claimed responsibility and posted a ransom demand with a 72-hour window. But Israeli officials later discovered that Iranian threat actors launched the attack. 

According to officials, the incident was connected to a wider campaign against Israeli organisations and critical service providers recently. Over 10 forms suffered cyberattacks and exploited bugs in digital service providers inside supply chains. 

According to Jerusalem Post, "Since the start of 2025, Israel has thwarted dozens of Iranian cyberattacks targeting prominent civilians, including security officials, politicians, academics, journalists, and media professionals. The Shin Bet security agency said these operations aim to collect sensitive personal data that could later be used in physical attacks within Israel, potentially carried out by locally recruited operatives."

Read more »
Ransomwares
Cyber Security Cyberattacks DarkBit Encryption Key Iran Israel MuddyWater ransomware attacks Ransomware group Ransomwares

Profero Cracks DarkBit Ransomware Encryption After Israel-Iran Cyberattack Links

 

Cybersecurity company Profero managed to break the encryption scheme used by the DarkBit ransomware group, allowing victims to restore their systems without having to pay a ransom. This achievement came during a 2023 incident response investigation, when Profero was called in to assist a client whose VMware ESXi servers had been locked by the malware. 

The timing of the breach coincided with escalating tensions between Israel and Iran, following drone strikes on an Iranian Defense Ministry weapons facility, raising suspicions that the ransomware attack had political motivations. The attackers behind the campaign claimed to represent DarkBit, a group that had previously posed as pro-Iranian hacktivists and had targeted Israeli universities. Their ransom messages included strong anti-Israel rhetoric and demanded payments amounting to 80 Bitcoin. 

Israel’s National Cyber Command later attributed the operation to MuddyWater, a well-known Iranian state-backed advanced persistent threat group that has a history of conducting espionage and disruption campaigns. Unlike conventional ransomware operators who typically pursue ransom negotiations, the DarkBit actors appeared less concerned with money and more focused on causing business disruption and reputational harm, signaling motivations that aligned with state-directed influence campaigns. 

When the attack was discovered, no publicly available decryptor existed for DarkBit. To overcome this, Profero researchers analyzed the malware in detail and found flaws in its encryption process. DarkBit used AES-128-CBC keys created at runtime, which were then encrypted with RSA-2048 and appended to each locked file. However, the method used to generate encryption keys lacked randomness. By combining this weakness with encryption timestamps gleaned from file modification data, the researchers were able to shrink the possible keyspace to just a few billion combinations—far more manageable than expected. 

The team further capitalized on the fact that Virtual Machine Disk (VMDK) files, common on ESXi servers, include predictable header bytes. Instead of brute forcing an entire file, they only needed to check the first 16 bytes to validate potential keys. Profero built a custom tool capable of generating key and initialization vector pairs, which they tested against these known file headers in a high-powered computing environment. This method successfully produced valid decryption keys that restored locked data. 

At the same time, Profero noticed that DarkBit’s encryption technique was incomplete, leaving many portions of files untouched. Since VMDK files are sparse and contain large amounts of empty space, the ransomware often encrypted irrelevant sections while leaving valuable data intact. By carefully exploring the underlying file systems, the team was able to retrieve essential files directly, without requiring full decryption. This dual approach allowed them to recover critical business data and minimize the impact of the attack.  

Researchers noted that DarkBit’s strategy was flawed, as a data-wiping tool would have been more effective at achieving its disruptive aims than a poorly implemented ransomware variant. The attackers’ refusal to negotiate further reinforced the idea that the campaign was intended to damage operations rather than collect ransom payments. Profero has chosen not to release its custom decryptor to the public, but confirmed that it is prepared to help any future victims affected by the same malware.  

The case illustrates how weaknesses in ransomware design can be turned into opportunities for defense and recovery. It also highlights how cyberattacks tied to international conflicts often blur the line between criminal extortion and state-backed disruption, with groups like DarkBit using the guise of hacktivism to amplify their impact.
Read more »
Technology
DarkBit Encyption Internet Iran Israel Ransomware Technology

Experts decoded encryption keys used by DarkBit ransomware gang

Experts decoded encryption keys used by DarkBit ransomware gang

Encryption key for Darkbit ransomware

Good news for people affected by the DarkBit ransomware: experts from Profero have cracked the encryption process, allowing victims to recover their files for free without paying any ransom.

However, the company has not yet released the decryptor. The National Cyber Directorate from Israel connected the DarkBit ransomware operation to the Iran-nexus cybercriminal gang called “MuddyWater APT.”

How the attack started

After a DarkBit ransomware attack in 2023, Profero encrypted various VMware ESXi servers, which were believed as retaliation for Iranian drone attacks. The threat actors did not negotiate the ransom and emphasized disrupting operations and campaigns to damage the target’s reputation.

The gang posed as pro-Iran hackers and had a history of attacking Israeli agencies. In this incident, the gang asked for 80 Bitcoins and had anti-Israel messages in ransom notes. Profero, however, cracked the encryption, allowing free recovery.

How did the experts find out

While studying DarkBit ransomware, experts discovered that its AES-128-CBC key generation tactic gave weak and predictable keys. Profero used file timestamps and a known VMDK header to limit the keyspace to billions of probabilities, allowing effective brute-force.

“We made use of an AES-128-CBC key-breaking harness to test if our theory was correct, as well as a decryptor which would take an encrypted VMDK and a key and IV pair as input to produce the unencrypted file. The harness ran in a high-performance environment, allowing us to speed through the task as quickly as possible, and after a day of brute-forcing, we were successful!” according to the Profero report. 

Persistent effort led to successful encryption

The experts had proven that it was possible and got the key. They continued brute-forcing another VMDK. This method, however, was not scalable for the following reasons:

  • Each VMDK would require a day for the experts to decrypt
  • The harness resides in an HPC environment and is difficult to scale

“While expensive, it ended up being possible. We decided to once again take a look at any potential weaknesses in the crypto,” Proffero experts said.

The experts made a tool to check all possible seeds and create key and IV pairs to match them against VMDK headers. This allowed them to restore the decryption keys. Profero also leveraged the scarce VMDK files, where most of the content was unencrypted, as the ransom was partially encrypted. The experts then directly recovered the most needed files, avoiding brute-force decryption for most of the data.

Read more »
Russia
Cyber Crime ICC Israel Justice Russia

International Criminal Court Hit by Advanced Cyber Attack, No Major Damage

International Criminal Court Hit by Advanced Cyber Attack, No Major Damage

Swift discovery helped the ICC

Last week, the International Criminal Court (ICC) announced that it had discovered a new advanced and targeted cybersecurity incident. Its response mechanism and prompt discovery helped to contain the attack. 

The ICC did not provide details about the attackers’ intentions, any data leaks, or other compromises. According to the statement, the ICC, which is headquartered in The Hague, the Netherlands, is conducting a threat evaluation after the attack and taking measures to address any injuries. Details about the impact were not provided. 

Collective effort against threat actors

The constant support of nations that have ratified the Rome Statute helps the ICC in ensuring its capacity to enforce its mandate and commitment, a responsibility shared by all States Parties. “The Court considers it essential to inform the public and its States Parties about such incidents as well as efforts to address them, and calls for continued support in the face of such challenges,” ICC said. 

The ICC was founded in 2002 through the Rome Statute, an international treaty, by a coalition of sovereign states, aimed to create an international court that would prosecute individuals for international crimes– war crimes, genocide, terrorism, and crimes against humanity. The ICC works as a separate body from the U.N. International Court of Justice, the latter brings cases against countries but not individuals.

Similar attack in 2023

In 2023, the ICC reported another cybersecurity incident. The attack was said to be an act of espionage and aimed at undermining the Court’s mandate. The incident had caused it to disconnect its system from the internet. 

In the past, the ICC has said that it had experienced increased security concerns as threats against its various elected officials rose. “The evidence available thus far indicates a targeted and sophisticated attack with the objective of espionage. The attack can therefore be interpreted as a serious attempt to undermine the Court's mandate," ICC said. 

The recent notable arrests issued by the ICC include Russian President Vladimir Putin and Israeli Prime Minister Benjamin Netanyahu.

Read more »
Technology
Bitcoin Crypto Israel Startups Technology

Tech Ventures: Israel Advances in Crypto Ecosystem

Tech Ventures: Israel Advances in Crypto Ecosystem

Israel, often known as the "Startup Nation," has emerged as a global leader in cybersecurity, defense, and internet technologies. Cryptocurrency has easily integrated into the high-tech ecosystem, transforming the digital asset class and blockchain technology into key drivers of the country's economic growth. 

Bitcoin ETFs: The Game Changer

In January 2024, when the Securities and Exchange Commission approved various Bitcoin ETFs in the United States, the worldwide crypto market had a 70% price increase, bringing more than $11 billion into the industry. BTC ETF options for US markets were announced in November 2024, resulting in increased retail and institutional investor inflows into the crypto markets. This contributed to the global crypto bull run.  

Blockaid, Ingonyama, Tres, Oobit, and Fordefi are all part of Israel's cryptocurrency ecosystem. In January 2024, Israel had 24 "unicorns". These are private enterprises worth more than $1 billion.  Then there's Starkware, a leader in the Ethereum scaling field, which has reached a $20 billion valuation since the creation of the $STARK token. 

According to a recent yearly assessment, Tel Aviv has the fifth most attractive startup ecosystem in the world. Despite geopolitical uncertainties, the crypto community will undoubtedly increase. These are cryptocurrency enthusiasts, after all.

Israel and Tech Startup Landscape

Israel has traditionally inspired the technology sector, so it was logical that the blockchain would find its place here. The country has a strong emphasis on education, research, and development, as well as a surplus of technical skills. 

They discovered an odd ally in military intelligence who has assisted in the development of tech entrepreneurs and the facilitation of their cryptocurrency investments. Unit 8200 is deeply involved in the cryptocurrency world, and its alumni have joined and established successful firms, bringing government ties, extensive cybersecurity knowledge, and a well-rounded computer education to the blockchain. The Mamram Blockchain Incubator is also associated with the IDF's Centre for Computing and Information Systems.

Tech Revolution in Israel

The Israeli government has contributed to the digital revolution by publicly experimenting with one of the world's first Central Bank Digital Coins. In 2021, the government released the first prototype of the Digital Shekel, and the Bank of Israel recently announced a Digital Shekel Challenge to investigate potential CBDC uses.

The country is also investing in supercomputer technology to compete in the Artificial Intelligence arms race and keep its position at the forefront of the tech start-up scene. 

Read more »
WhatsApp
Cyber Attacks espionage Iran Israel spying surveillance Telegram WhatsApp

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Iran Spies on Senior Israeli Officials, Launches Over 200 Cyberattacks

Shin Bet, an Israeli Cybersecurity Service said recently it discovered over 200 Iranian phishing attempts targeting top Israeli diplomats to get personal information. Shin Bet believes the attacks were launched by Iranian actors through Telegram, WhatsApp, and email. 

The threat actors tried to bait targets into downloading infected apps that would give them access to victim devices and leak personal data like location history and residential addresses.

Iran Targeting Israeli Officials

The targeted senior officials include academicians, politicians, media professionals, and others

ShinBet said the stolen information would be used by Iran to launch attacks against Israeli nationals “through Israeli cells they have recruited within the country.” The targets were reached out with an “individually tailored cover story for each victim according to their area of work, so the approach doesn’t seem suspicious.”

In one case, the attacker disguised as a Cabinet Secretary lured the target saying he wanted to coordinate with PM Benjamin Netanyahu. Shin Bet has tracked the targets involved in the campaign and informed them about the phishing attempts. 

“This is another significant threat in the campaign Iran is waging against Israel, aimed at carrying out assassination attacks. We request heightened awareness, as cyberattacks of this type can be avoided before they happen through awareness, caution, suspicion, and proper preventative behavior online,” said a Shin Bet official.

Reasons for attack

Shin Bet “will continue to act to identify Iranian activity and thwart it in advance.” It believes the motive behind the attacks was to manage future attacks on Israeli nationals using information given by Israeli cells recruited by Iran. The campaign is a sign of an escalation between Iran and Israel, the end goal being assassination attempts.

The bigger picture

The recent discovery of phishing campaigns is part of larger targeted campaigns against Israel. In September 2024, 7 Jewish Israelis were arrested for allegedly spying on IDF and Israeli security figures for Iran. 

The Times of Israel reports, “Also in September, a man from the southern city of Ashkelon was arrested on allegations that he was smuggled into Iran twice, received payment to carry out missions on behalf of Tehran, and was recruited to assassinate either Israel’s prime minister, defense minister, or the head of the Shin Bet.”

Read more »
Technology
Cloud Computing IDF Intelligence Israel Technology

3 Billion Attacks and Counting: The IDF’s Cyber Resilience

3 Billion Attacks and Counting: The IDF’s Cyber Resilience

The Battlefield: Cloud Computing

Cloud computing has become an integral part of modern military operations. The IDF relies heavily on cloud-based systems from troop management to logistics, communication, and intelligence gathering. These systems allow for flexibility, scalability, and efficient resource allocation. 

However, they also make attractive targets for cyber adversaries seeking to disrupt operations, steal sensitive information, or compromise critical infrastructure.

The Israel Defense Forces' cloud computing network has been subjected to almost three billion cyber attacks since the conflict between Israel and Hamas began on October 7, according to the officer in charge of the military's computer section. However, all of the attacks were detected and did not do any damage.

Col. Racheli Dembinsky, chief of the IDF's Center of Computing and Information Systems (Mamram), made the discovery on Wednesday during the "IT for IDF" conference in Rishon Lezion.

According to Dembinsky, the attacks targeted operational cloud computing, which is used by numerous systems that serve troops on the ground during conflict to communicate information and forces' whereabouts.

The Scale of the Threat

Three billion attacks may sound staggering, and indeed it is. These attacks targeted operational cloud computing resources used by troops on the ground during combat. Imagine the strain on the network as thousands of soldiers accessed critical data simultaneously while under fire. Despite this immense pressure, Mamram’s cybersecurity experts managed to fend off every attempt.

Dembinsky did not specify the types of assaults or the level of danger they posed, but she did state that they were all blocked and that no systems were penetrated at any time.

Mamram, the IDF's central computing system unit, is responsible for the infrastructure and defense of the military's remote servers.

Hamas terrorists stormed Israel on October 7, killing over 1,200 people, the majority of them were civilians, and capturing 251. It has also been stated that cyberattacks were launched against Israel on October 7. Dembinsky corroborated this.

The Human Element

While technology played a crucial role, the expertise and dedication of Mamram’s personnel truly made a difference. These cyber warriors worked tirelessly, analyzing attack vectors, identifying vulnerabilities, and devising countermeasures. Their commitment to safeguarding Israel’s digital infrastructure was unwavering.

Since the start of the war, certain cyberattacks have been effective against Israeli civilian computer systems. Iranian-backed hackers targeted the Israel State Archives in November, and it was only recently restored to service. Hackers also successfully targeted the computer systems of the city of Modiin Illit.

The Defense Strategy

Last month, Israel's cyber defense chief, Gaby Portnoy, stated that Iran's cyber attacks have become more active since the commencement of the war, not only against Israel but also against its allies.

Read more »
Ukraine
aviation Bot Traffic Cyber Security Digital era Electronic Data GPS GPS Jamming Israel New York Spoofing Ukraine

GPS Warfare: Ukraine-Israel Tensions Raise Alarms

GPS is used for navigation in almost every device in this age of rapid technological development. Israel may have been involved in recent GPS jamming and spoofing occurrences in Ukraine, according to reports that have revealed a worrying trend. These accidents constitute a serious threat to the worldwide aviation sector and a topic of regional concern. 

The New York Times recently reported on the growing instances of GPS disruptions in Ukraine, shedding light on the potential involvement of Israeli technology. According to the report, Israel has been accused of jamming and spoofing GPS signals in the region, causing disruptions to navigation systems. The motives behind such actions remain unclear, raising questions about the broader implications of electronic warfare on international relations. 

The aviation sector heavily relies on GPS for precise navigation, making any interference with these systems potentially catastrophic. GPS jamming and spoofing not only endanger flight safety but also have the capacity to disrupt air traffic control systems, creating chaos in the skies.

The aviation industry relies heavily on GPS for precision navigation, and any interference with these systems can have dire consequences. GPS jamming and spoofing not only jeopardize the safety of flights but also can potentially disrupt air traffic control systems, leading to chaos in the skies.

The implications of these incidents extend beyond the borders of Ukraine and Israel. As the world becomes increasingly interconnected, disruptions in one region can reverberate globally. The international community must address the issue promptly to prevent further escalations and ensure the safe operation of air travel.

Governments, aviation authorities, and technology experts need to collaborate to develop countermeasures against GPS interference. Strengthening cybersecurity protocols and investing in advanced technologies to detect and mitigate electronic warfare threats should be a priority for nations worldwide.

Preserving vital infrastructure, like GPS systems, becomes crucial as we manoeuvre through the complexity of a networked world. The GPS jamming events between Israel and Ukraine serve as a sobering reminder of the gaps in our technology and the urgent necessity for global cooperation to counter new threats in the digital era.
Read more »
Subscribe to: Comments (Atom)