­
Unveiling Iranian Cyber Aggression: Black Shadow's Ransomware Tactics By Omri Segev Moyal - All Articles - CISO Platform

Unveiling%20Iranian%20Cyber%20Aggression%20Black%20Shadows%20Ransomware%20Tactics.png?profile=RESIZE_710x

 
 

This video delves into the cyber attack orchestrated by the group Black Shadow on an Israeli insurance company, Sherbet. Despite using common hacking techniques like web shells and credential harvesting, the attack garnered attention due to the group's strategic use of media exploitation.

 

 

 

 

Here is the verbatim discussion:

 

The mainblow and the leakage of an act to a very interesting company, an insurance company in israel called Sherbet and they were attacked by a so-called group with the acronym of black shadow the main difference in this attack again nothing really fancy not any fancy tools nothing was unique it wasn't any what we used to see as an apt type of style with really sophisticated tools but very common things like web shells credentials harvesting some very normal payloads they use very simple wipers i'm not mistaken written in dotnet they use some custom trojans which we're also going to see later on they use ssh tunnels etc reverse proxy to leap to to hack the organization really a normal organization with a really you know basic security should have been able to stop them but for some reason they were not able to but the main difference here and this is why we also call it an info op but what the group here and by this time it was actually pretty obvious it was iranian a group called fox kittens uh by clear sky for example  they used telegram to lick and cause quite a panic in israel they heavily exploited the israeli media to amplify the attack and they did it in let's say in chunks so to get more atmosphere and show it was a really big hack and quite from there it was quite obvious that it's not an extortion attempt it's mainly someone trying to look at the stuff we even thought she'll be really bad but after that because some of the languages and the way they operated and the adversarial tools it was quite clear that this is an iranian campaign trying to make israel look bad and of course ransomware was not ransom was not paid etc

 

 

Highlights :

Attack Details:

  • The attack on Sherbet involved basic hacking methods like web shells and credential harvesting, indicating a lack of sophisticated tools.
  • The attackers utilized simple wipers and custom trojans, along with SSH tunnels and reverse proxies to infiltrate the organization.

Media Exploitation:

  • Black Shadow leveraged Telegram to leak information, causing widespread panic within Israel.
  • The group heavily utilized Israeli media platforms to amplify the impact of the attack, strategically releasing information in stages to create a sense of urgency and scale.

Attribution:

  • The attack was attributed to the Iranian cyber group, Fox Kittens, by cybersecurity experts like Clear Sky.
  • The exploitation of media and the nature of the attack indicated a deliberate attempt by Iran to tarnish Israel's reputation rather than a typical extortion scheme.

 

 

The Black Shadow attack on Sherbet serves as a stark example of how cyber warfare extends beyond technical infiltration. By exploiting media channels, the attackers aimed to magnify the perceived impact of the attack, underscoring the strategic nature of cyber operations in modern geopolitics.

 
 

Speaker:

 

Omri Segev Moyal is a renowned cybersecurity expert known for his expertise in ethical hacking and vulnerability research. With a background in computer science and extensive experience in the cybersecurity industry, Moyal has made significant contributions to enhancing digital security and raising awareness about cyber threats. His work spans across various domains, including penetration testing, malware analysis, and security research, making him a respected figure in the cybersecurity community.

 

https://www.linkedin.com/in/omrimoyal/

https://twitter.com/GelosSnake

 
 
 

 

 

Votes: 0
E-mail me when people leave their comments –

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

CISO MeetUp: Executive Cocktail Reception @ Black Hat USA , Las Vegas 2025

  • Description:

    We are excited to invite you to the CISO MeetUp: Executive Cocktail Reception if you are there at the Black Hat Conference USA, Las Vegas 2025. This event is organized by EC-Council & FireCompass with CISOPlatform as proud community partner. 

    This evening is designed for Director-level and above cybersecurity professionals to connect, collaborate, and unwind in a relaxed setting. Enjoy…

  • Created by: Biswajit Banerjee
  • Tags: black hat 2025, ciso meetup, cocktail reception, usa events, cybersecurity events, ciso

6 City Playbook Round Table Series (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

  • Description:

    Join us for an exclusive 6-city roundtable series across Delhi, Mumbai, Bangalore, Pune, Chennai, and Kolkata. Curated for top cybersecurity leaders, this series will spotlight proven strategies, real-world insights, and impactful playbooks from the industry’s best.

    Network with peers, exchange ideas, and contribute to shaping the Top 100 Security Playbooks of the year.

    Date : Sept 2025 - Oct 2025

    Venue: Delhi, Mumbai, Bangalore, Pune,…

  • Created by: Biswajit Banerjee

National Insider Risk Symposium, Washington DC, USA 2025

  • Description:

    We are excited to invite you to the 10th National Insider Risk Symposium, a premier forum bringing together leaders and experts from both the commercial and public sectors to address the evolving landscape of insider threats. CISOPlatform is a proud community partner for this event. 

    Event Details:
    Venue: National Housing Center, 1201 15th St NW, Washington, D.C. 20005
    Dates: September 17–18,…

  • Created by: Biswajit Banerjee
  • Tags: national insider risk symposium, ciso, cybersecurity events, usa events