Cyberserve Hijacked by BlackShadow Hacker Group to Extort Customers
The Threat Actors Behind BlackShadow Have Demanded $1 Million in Cryptocurrency, Threatening to Make the Stolen Data Public.
BlackShadow, an Iranian state-sponsored hacking group, conducted an attack on the web hosting provider Cyberserve in order to steal customer databases and disrupt the organization’s services.
Cyberserve is a web development and hosting organization based in Israel that works with a broad range of clients, including local radio stations, museums, and academic institutions.
Since Friday, visitors to Cyberserve-hosted websites have been experiencing difficulties or receiving messages saying that the website is unavailable due to a cybersecurity event.
BlackShadow, a cybercrime organization, has claimed responsibility for the Cyberserve attack and is asking for $1 million in cryptocurrencies from the web hosting provider and its clients in exchange for not exposing stolen information.
The attackers set a 48-hour deadline for this extortion demand, which began on Saturday, but they almost instantly published a sample of 1,000 documents to show that they were not playing games.
Personal information from a large Israeli LGBT site called Atraf was allegedly leaked, which in a traditional society might have significant consequences for those who were exposed.
“Atraf’s team did not contact us for any deals yet so we collected 50 famous Israeli that were surfing and we leak their videos.”
BlackShadow hackers also leaked data from the Kavim (Dan Bus) public transportation company, the tour booking company Pegasus, and the Israeli Children’s Museum.
The National Cyber Directorate had informed Cyberserve multiple times in the past of an impending cyberattack, but it is not clear whether the web hosting provider ignored the warnings or was unable to identify the security flaw exploited by the malicious actors.
As explained by BleepingComputer, BlackShadow is an Iranian state-sponsored hacking group with confirmed ties to the Pay2Key ransomware strain, which has been used against Israeli victims on multiple occasions.
In contrast to other ransomware operations, the hackers behind BlackShadow are not believed to be motivated by financial gain.
“The recent attacks from the so-called ‘BlackShadow’ are just another cycle of the clandestine Iran-Israeli war. It’s a well-constructed InfoOp combined with very weak hacking skills to hurt Israel. We assume the current cycle is also in retaliation for the attack against the gas pumps in Iran last week.”