All Articles

Unveiling Iranian Cyber Aggression: Black Shadow's Ransomware Tactics By Omri Segev Moyal

Posted by Gaya M on May 13, 2024 at 6:29pm in Blog

Unveiling%20Iranian%20Cyber%20Aggression%20Black%20Shadows%20Ransomware%20Tactics.png?profile=RESIZE_710x

 
 

This video delves into the cyber attack orchestrated by the group Black Shadow on an Israeli insurance company, Sherbet. Despite using common hacking techniques like web shells and credential harvesting, the attack garnered attention due to the group's strategic use of media exploitation.

 

 

 

 

Here is the verbatim discussion:

 

The mainblow and the leakage of an act to a very interesting company, an insurance company in israel called Sherbet and they were attacked by a so-called group with the acronym of black shadow the main difference in this attack again nothing really fancy not any fancy tools nothing was unique it wasn't any what we used to see as an apt type of style with really sophisticated tools but very common things like web shells credentials harvesting some very normal payloads they use very simple wipers i'm not mistaken written in dotnet they use some custom trojans which we're also going to see later on they use ssh tunnels etc reverse proxy to leap to to hack the organization really a normal organization with a really you know basic security should have been able to stop them but for some reason they were not able to but the main difference here and this is why we also call it an info op but what the group here and by this time it was actually pretty obvious it was iranian a group called fox kittens uh by clear sky for example  they used telegram to lick and cause quite a panic in israel they heavily exploited the israeli media to amplify the attack and they did it in let's say in chunks so to get more atmosphere and show it was a really big hack and quite from there it was quite obvious that it's not an extortion attempt it's mainly someone trying to look at the stuff we even thought she'll be really bad but after that because some of the languages and the way they operated and the adversarial tools it was quite clear that this is an iranian campaign trying to make israel look bad and of course ransomware was not ransom was not paid etc

 

 

Highlights :

Attack Details:

  • The attack on Sherbet involved basic hacking methods like web shells and credential harvesting, indicating a lack of sophisticated tools.
  • The attackers utilized simple wipers and custom trojans, along with SSH tunnels and reverse proxies to infiltrate the organization.

Media Exploitation:

  • Black Shadow leveraged Telegram to leak information, causing widespread panic within Israel.
  • The group heavily utilized Israeli media platforms to amplify the impact of the attack, strategically releasing information in stages to create a sense of urgency and scale.

Attribution:

  • The attack was attributed to the Iranian cyber group, Fox Kittens, by cybersecurity experts like Clear Sky.
  • The exploitation of media and the nature of the attack indicated a deliberate attempt by Iran to tarnish Israel's reputation rather than a typical extortion scheme.

 

 

The Black Shadow attack on Sherbet serves as a stark example of how cyber warfare extends beyond technical infiltration. By exploiting media channels, the attackers aimed to magnify the perceived impact of the attack, underscoring the strategic nature of cyber operations in modern geopolitics.

 
 

Speaker:

 

Omri Segev Moyal is a renowned cybersecurity expert known for his expertise in ethical hacking and vulnerability research. With a background in computer science and extensive experience in the cybersecurity industry, Moyal has made significant contributions to enhancing digital security and raising awareness about cyber threats. His work spans across various domains, including penetration testing, malware analysis, and security research, making him a respected figure in the cybersecurity community.

 

https://www.linkedin.com/in/omrimoyal/

https://twitter.com/GelosSnake

 
 
 

 

 

Views: 422
Tags: omri segev moyal, ciso
E-mail me when people leave their comments –
Follow

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)