A recently emerged Iranian cyber gang, calling itself “Cyber Toufan,” has allegedly leaked data from 49 Israeli firms, as reported by the threat intelligence platform FalconFeedsio. Researchers believe that a breach of a single hosting company caused many of the incidents.
Cyber Toufan itself claimed responsibility for breaching high-profile organizations since its emergence on November 16th, 2023.
According to the FalconFeedsio researchers, in recent weeks, a massive data breach and subsequent data leaks affected 49 Israeli companies, including the Israel Innovation Authority, Toyota Israel, the Ministry of Welfare and Social Security, Ikea Israel, cybersecurity and geo-intelligence company Max Security, and others. See the full list of companies below.
“Contrary to popular belief, the cyber attackers did not breach all these companies individually. Instead, they targeted a single hosting company, Signature-IT, and allegedly stole data belonging to 40 Israeli firms,” FalconFeedsio’s post on X reads.
Signature-IT provides e-commerce and website hosting services to customers in Israel.
Researchers are linking the attack to the Iranian group, which is believed to have exfiltrated a substantial amount of client data and then wiped all the data from the hosting.
“The breach is a stark reminder of the ever-evolving threat landscape in cyberspace. The alleged Iranian cyber group's attack on a hosting company as a means to access a multitude of targets underscores the importance of robust cybersecurity measures and constant vigilance in an interconnected world,” FalconFeedsio’s post reads.
Cybersecurity company SOCRadar profiled Cyber Toufan as a sophisticated entity, potentially state-sponsored.
“Their rapid rise and effective execution of complex cyberattacks suggest a level of support and resources that are not typically available to independent hacker collectives. Cybersecurity experts and intelligence analyses have pointed towards potential Iranian backing, given the group’s style, targets, and the geopolitical narrative underpinning their attacks,” SOCRadar’s report reads.
Cyber Toufan’s first post appeared on their Telegram channel on November 18th, 2023, and it claimed to have “destroyed over 1,000” servers and critical databases after spending weeks exfiltrating all the data.
Since then, the gang has posted samples of leaked data on their channel. According to the ransomware.live aggregator, the group has claimed 110 victims. The latest of them are Israeli companies Teldor and Erco, posted on December 22nd, 2023.
“By attacking Signature-IT, they [Cyber Toufan] were able to access a large list of companies and national entities’ websites. Every day, they leak large databases taken from the websites of at least one entity. These are big SQL files (from 700MB to a few or 16GB) with data of millions of users, including emails, phone numbers, names, and business interactions done on the site with comments left to the owner of the site,” Gil Messing, Chief of Staff at Check Point Software Technologies, explained to CSO.
Check Point researchers previously noted an 18% rise in cyberattacks targeting Israel compared to the weeks leading up to October 7th. According to them, Iranian-affiliated groups, such as CyberAv3ngers and Cyber Toufan, appear to be adopting a narrative of retaliation.
“By opportunistically targeting US entities using Israeli technology, these hacktivist proxies try to achieve a dual retaliation strategy – claiming to target both Israel and the US in a single, orchestrated cyber assault,” Check Point researchers noted.
Cyber-war operations between Israel and Iran recently escalated, with the Israel-linked group Predatory Sparrow taking responsibility for a crippling blow to Iranian gas station infrastructure, which left 70% of gas stations inoperable.
Israeli and American cyber defense agencies, including CISA, the FBI, and the NSA, released an advisory highlighting continued malicious cyber activity by Iran-sponsored cyber actors and urging operators to better protect water and wastewater system facilities and other sectors.
Israel recently claimed that Iran and Hezbollah were behind the attempted cyber-attack on the Ziv Medical Center in Safed. The attackers managed to steal some sensitive information. However, they failed to disrupt the hospital’s operations.
FalconFeedsio shared this list of the unfortunate victims that were allegedly affected by the recent Cyber Toufan cyber operation:
- ACE Hardware
- Shefa Offline
- National Archive
- Radware
- MAX Security & Intelligence
- Israel Innovation Authority
- Ikea Israel
- Berkshire eSupply's
- Keter Group
- ISCAR Ltd.
- Homecenter Israel
- Israel Nature and Parks Authority
- The Academic College of Tel Aviv (MTA)
- Lumenis
- Toyota Israel
- H&O for Schools
- Israeli Ministry of Health
- SodaStream
- Toys "R" Us Israel
- Camel Grinding Wheels (CGW)
- RESERVED Israel
- SEACRET Australia
- Carter's Oshkosh Israel
- Hagarin
- Osem Israel
- Bermad Israel
- ZapGroup Israel
- Novolog
- Semicom
- Kravitz
- Biopet
- GS1 Israel
- Audi Dagan Insurance Agency Ltd.
- Ministry of Welfare and Social Security
- Scope Metals Group Ltd
- SpaceX
- Brother
- Graf
- Dorot
- CURVER
- Techno-Rezef
- Ta-Supply
- NaanDan
- USTG
- StraussGroup
- ZokoEnterprise
- TEFEN Flow and Dosing Technologies Ltd.
- Erco
- Teldor