Reportedly, a hacker group called Moses Staff claimed that
it has successfully conducted a cyber attack on the Israeli Defense
Ministry, releasing files and photos obtained from the ministry's servers.
Moses Staff's website claims that the group has hacked over
165 servers and 254 websites and compiled over 11 terabytes of data, including
Israel Post, the Defense Ministry, files related to Defense Minister Benny
Gantz, the Electron Csillag Company and Epsilor Company.
"We've kept an eye on you for many years, at every
moment and on each step," wrote the group in the announcement of the
attack on their Telegram channel. "All your decisions and statements have
been under our surveillance. Eventually, we will strike you while you never
would have imagined."
Moses Staff claimed in the announcement to have access to
confidential documents, including reports, operational maps, information about
soldiers and units, and letters and correspondence. "We are going to
publish this information to aware [sic] all the world about the Israeli
authorities’ crimes," warned the group.
The files leaked included photos of Gantz and IDF soldiers
and a 2010 letter from Gantz to the Deputy Chief of the Joint Chiefs of Staff
and Chief of Intelligence in the Jordian Armed Forces. The leaked files also
included Excel files allegedly containing the names, ID numbers, emails, addresses,
phone numbers and even socioeconomic status of soldiers, mechina pre-military
students and individuals connected to the Defense Ministry.
The group stated on its website that it is targeting the
same people who "didn't tolerate" the legitimacy of Moses, seemingly
the reason for the name Moses Staff.
The group's description states that it will not forget
"the soldiers whose blood is shed due to wrong policies and fruitless
wars, the mothers mourning for their children, and all the cruelty and
injustice were [were] done to the people of this nation." The group did
not clarify in its description which soldiers it was referring to.
It is as of yet unclear if the group is acting independently
or is backed by a state.
Moses Staff leaked identifying information, addresses and
information about packages from an attack it says it conducted on the Israel
Post. The group also leaked pictures of identity cards from a number of
companies it claims it attacked.
The group's website also has a contact form for those
interested in joining the group.
The National Cyber Directorate stated in response to the
leaks that it has repeatedly warned that hackers are exploiting vulnerability
on the Exchange email service in order to attack organizations.
The Directorate once again calls on organizations to
implement in their systems the latest critical updates that Microsoft has
released for this vulnerability – a simple and free update that can reduce the
chance of this attack.
"Over the past few years we have heard a great deal
about exposure of soldiers' details and military information at various levels
of classification as a result of information security failures on various
websites and applications," said cyber security consultant Einat Meyron,
adding that while most of the exposures were seemingly innocent, this incident
shows that there are anonymous hacker groups systematically collecting
such information.
Meyron stressed that attackers aiming to impact the image of
Israel, a country that sees itself as a defense and cyber security power, are
patient and don't reveal all their cards at once. The cyber security consultant
urged companies to take information security seriously, adding that many
companies can often protect themselves with tools they already have as long as
they have a correct understanding of the risks and their consequences.
The attack is the latest in a long series of cyber attacks
on Israel in recent years. Earlier this month, the Hillel Yaffe Medical
Center in Hadera was targeted by a ransomware attack that affected its
computer systems.
Cybereason also revealed earlier this month that MalKamak,
an Iranian state-supported hacker group, was running a highly targeted
cyber-espionage operation against global aerospace and telecommunications
companies, stealing sensitive information from targets around Israel and the
Middle East, as well as in the United States, Russia and Europe. The threat
posed by MalKamak is still active.
Last month, a hacker group called Deus leaked data it claims
it obtained in a cyber attack on the Israeli call center service company
Voicenter from the company’s customers, including 10bis, CMTrading, Mobileye,
eToro, Gett and My Heritage. The data leaked so far include security camera and
webcam footage, ID cards, photos, WhatsApp messages and emails, as well as
recordings of phone calls.
A series of cyber attacks has plagued Israeli businesses and
institutions in the past two years, including Israel Aerospace Industries, the
Shirbit insurance company and the Amital software company.
The National Cyber Directorate reported that it handled more
than 11,000 inquiries on its 119 hotline in 2020, some 30% more than it handled
in 2019. The directorate made about 5,000 requests to entities to handle
vulnerabilities exposing them to attacks and was in contact with about 1,400
entities concerning attempted or successful attacks.