Iranian hackers strike again target Israeli cyber-security firm Portnox

The Iranian hacker group Pay2Key reportedly hacked into the Israeli cyber-security firm Portnox on Thursday, Israeli media reported.

Portnox has a rich portfolio of hundreds of high profile clients, some considered the largest firms in the country, including defense company Elbit Systems.

The materials leaked by the hackers include a 15 page-long report that highlights security weaknesses in Elbit Systems. However, the report only goes as far as the year 2018, which may mean that most of the exposed weaknesses are no longer relevant.

The actual extent of the hack is still unclear at this point.

“Over a terabyte of documents, projects, coding files and others were extracted from the company’s servers,” the group wrote on their website on the dark web, according to Walla.

Portnox commented on the reported hack by saying that they were looking into the issue.

“In the last few hours, reports indicated a hack into the company’s internal servers by a hacking group that identifies itself as Pay2Key. The company has launched a comprehensive investigation in order to gain a full picture of the incident,” the Portnox statement read.

This is the second time this week that Iranian hackers claim to have managed to hack into Israeli firms based in Israel.

On Sunday, the same group claimed that it successfully hacked a range of Israeli defense industry companies, including the largest Israeli airpower defense corporation, Israel Aerospace Industries.

And if Israeli companies still doubt the capabilities of this hacker group, Israeli cyber-security company Check Point has confirmed that Pay2Key is an elite hacker group that operates by stealing data and threatening to leak it if its targets do not cooperate.

Various indications on social media pointed to an ongoing hacking operation launched by Pay2Key against a range of Israeli companies, and Thursday’s hack seems to support that notion.
Following Sunday’s hack, the Israeli tech website Geektim reported that an unknown user operating a Twitter account called 0x972DC or @EmbeddedOle had published five photos presumably belonging to hackers from Pay2Key or to people who assisted them somehow. The tweet was accompanied by the Hebrew text: “The clock is ticking for those who assisted Pay2Key.”

In another tweet, the anonyms Israeli user wrote: “Don’t think that Pay2Key are professionals or talented, they just used the zerologon weakness (or CVE-2020-1472) to gain access to the DC server of the Israel Aerospace Industries – not impressed.”

The account has since been deleted.

Source » jpost

You May Be Interested