An Iran-linked hacking group on Sunday claimed to have breached the Israeli Aerospace Industries’ computer systems, in the latest in a series of cyberattacks on Israeli firms.
The group, known as Pay2Key, revealed its alleged hack in a tweet.
“Knock Knock! Tonight is longer than longest night for @ILAerospaceIAI,” the group wrote cryptically.
The state-owned Israeli Aerospace Industries said it was looking into the matter.
Tonight is longer than longest night for @ILAerospaceIAI
New logo appeared in #Pay2Key directory, check it out!
— Winter is coming (Pay2Key) (@PKeytwt) December 20, 2020
The hacking group, which has been tied to Iran, also mentioned a systems administrator at the defense contractor’s Elta subsidiary by name, Koby Fiada, revealing his password.
The Israeli cyber security firm ClearSky, which released a report on Pay2Key three days before the alleged IAI hack, said the group was likely an offshoot of an Iranian hacking cooperative known as Fox Kitten.
“We estimate that this campaign is part of the ongoing cyber confrontation between Israel and Iran, with the most recent wave of attacks causing significant damage to some of the affected companies,” ClearSky wrote last Thursday.
According to Karine Nahon, an Israeli information scientist, Pay2Key released employee data files, on Sunday night, on the so-called dark web, parts of the internet that are not indexed by search engines.
One of them, belonging to a Zvika Weiss, included his username. Nahon said hundreds of these files were distributed online.
According to ClearSky, though Pay2Key portends to be an outfit specializing in ransomware, in which hackers take control of data or systems and demand payment for their release, the group is in fact conducting cyberattacks on Israeli companies as part of an ongoing campaign against the Jewish state by Tehran.
“We estimate with a medium level of confidence that this campaign (Pay2Key) is part of Iran information warfare aimed to create panic to Israel and in other countries world-wide,” the cyber security company said.
נכון לעכשיו ההאקרים Pay2Key העלו קובץ עם שמות המשתמשים מהתעשיה האווירית בדארקווב. כך נראה המידע לגבי משתמש אחד.
צביקה וייס. היוזרניים שלו במערכת התעשיה zw93288.
יש מאות כאלה בקובץ.@NevoTrabelsy pic.twitter.com/Qy2eFuq4tX
— Karine Nahon • קרין נהון (@karineb) December 20, 2020
The alleged hack of the Elta subsidiary came after a major cyberattack — also by Pay2Key, according to ClearSky — earlier this month hit dozens of Israeli logistics companies, with hackers making off with information from servers, according to a report of the incident by one of the victims, Amital Data, filed to the Tel Aviv Stock Exchange.
An investigation found that there may have been 15-20 additional companies, not Amital clients, that were also targeted in the attack, although the full list is still unknown, the Calcalist website reported.
Iran was believed to be the likely culprit.
There have been at least five suspected Iranian cyberattacks on the country during 2020, including one that targeted Israel’s water infrastructure.
Iran and Israel have reportedly been engaged in a cyber-war that has become more intense over the past year.
In October, a pair of cybersecurity firms reported that Iranian hackers, contracted by the country’s Islamic Revolutionary Guard Corps, targeted prominent Israeli companies in a series of ransomware attacks during the previous month.
That report came in the same week that Iranian officials said that the country’s Port Authority had been hit in a cyberattack, and vaguely confirmed that two governmental departments had also been attacked.
A major cyberattack in May at Iran’s Bandar Abbas port was also blamed on Israel, which was apparently responding to an alleged Iranian attempt to hack into its water infrastructure system.
Separately, last week, hackers who had stolen a mass of personal details on clients of the Shirbit Insurance company apparently began selling the information on the internet.
Times of Israel staff contributed to this report.