Cyberattack hits Israeli companies, with Iran reportedly the likely culprit

Times of Israel

A major cyberattack earlier this month hit dozens of Israeli logistics companies, with hackers making off with information from servers, according to a report of the incident by one of the victims filed Sunday to the Tel Aviv Stock Exchange.

The attack hit Amital Data, which provides its Unifreight logistics software, and at least 40 of its clients.

An investigation found that there may have been 15-20 additional companies, not Amital clients, that were also targeted in the attack, although the full list is still unknown, the Calcalist website reported.

No ransom has been demanded for the information — as was the case in a massive data theft from an Israeli insurance company earlier this month — and the identity of those behind the attack is not known.

Reports said Iran is believed to be the likely culprit.

There have been at least five suspected Iranian cyberattacks on the country during 2020, including one that targeted Israel’s water infrastructure.

In addition to the National Cyber Directorate, the Comsec information security company is assisting Amital to investigate the incident, the Marker financial news site reported.

Orian, which specializes in freight movement, logistics, and custom clearance, told the stock exchange in a statement that after it had received an alert last week from Amital following a cyber incident, “information stored on one of Orian’s servers was leaked.”

It said that, “to the best of the company’s knowledge,” the same breach also hit “40 more Amital customers.”

Amital said in a statement that two weeks ago the company identified an attack on itself and on some of its clients.

“The event is a link in a chain of parallel events at the national level that have been investigated and are being investigated and monitored by the Israel National Cyber Directorate,” it said.

So far there was “point damage,” Amital said, adding that it would provide further updates when there were developments,.

The Globes business website reported that Amital told its clients the attack was an “advanced persistent threat,” a kind of assault that is usually carried out by nation states or those sponsored by them.

Amital’s software is used in managing customs commissions, leading to concern that as a result of the attack there may be delays in the release of some shipments to Israel, in both the private and business sectors, Hebrew media reported.

In its update to the stock exchange, Orian said that it had managed to plug the leak within hours of its discovery and a thorough investigation had assessed the kind of data that was leaked, but that it had not identified the specific information.

It said the incident did not interrupt the company’s day-to-day activities, that it was working with the Israel National Cyber Directorate on the matter and that it would boost its information security.

Iran and Israel have reportedly been engaged in a cyber-war that has become more intense over the past year.

In October a pair of cybersecurity firms reported that Iranian hackers, contracted by the country’s Islamic Revolutionary Guard Corps targeted prominent Israeli companies in a series of ransomware attacks in September.

That report came in the same week that Iranian officials said the country’s Port Authority had been hit in a cyberattack, and vaguely confirmed that two governmental departments had also been attacked.

A major cyberattack in May at Iran’s Bandar Abbas port was also blamed on Israel, which was apparently responding  to an alleged Iranian attempt to hack into its water infrastructure system.

Separately, last week, hackers who had stolen a mass of personal details on clients of the Shirbit Insurance company apparently began selling the information on the internet.

https://www.timesofisrael.com/israels-supply-chain-targeted-in-massive-cyberattack/