The Israeli hosting firm CyberServe was targeted by the BlackShadow hacker organization, which stole client records and disrupted the company’s services.
CyberServe is a web development and hosting company based in Israel that is used by many organizations, including local radio stations, educational institutions, and museums.
Since Friday, visitors to CyberServe-hosted websites have been met with errors or notices stating that the site is unreachable due to a cybersecurity incident.
BlackShadow, a hacker organization, has claimed responsibility for the CyberServe hack and is demanding $1 million in cryptocurrency from the hosting provider and its clients in exchange for not leaking the stolen data.
The actors set a 48-hour deadline for this extortion demand, starting on Saturday, but they almost immediately leaked a sample of 1,000 documents to support their claim.
The stolen data includes a database holding personal information from a large LGBT site called ‘Atraf’, which makes the security incident highly serious.
The attack has also affected the websites of the following organizations:
- The Kavim (Dan Bus) public transportation firm
- The Kan public broadcaster
- The Pegasus travel agency
- The Holon Children’s Museum
The National Cyber Directorate told The Times of Israel that it had notified CyberServe multiple times in the preceding days of an impending cyber attack.
It’s unclear whether CyberServe ignored the warnings or could not locate the security flaw exploited by the threat actors.
BlackShadow is an Iranian state-sponsored hacker operation that has acknowledged ties to the Pay2Key ransomware strain, which has been used against Israeli targets on many occasions.
Unlike other ransomware operations, however, the threat actors behind BlackShadow are not thought to be motivated by money.
According to Omri Segev Moyal, co-founder and CEO of Israeli cybersecurity firm Profero, these hacker organizations’ activities are retaliatory and intended to undermine Israeli interests.