Black Shadow – www.israelhayom.com

Worker at defense minister's home arrested for allegedly spying for Iran
https://www.israelhayom.com/2021/11/18/worker-at-defense-ministers-home-arrested-for-allegedly-spying-for-iran/
Thu, 18 Nov 2021 11:09:08 +0000


Cleared for publication: An Israeli who worked as a cleaner at Defense Minister Benny Gantz's home was arrested earlier this month on suspicions of espionage.


The Israel Security Agency said Thursday that a joint Shin Bet-Israel Police investigation revealed that Omri Goren, 37, from Lod, reportedly contacted the Iran-affiliated Black Shadow hacker group of his own accord a few days before his arrest, and offered to provide information from within the defense minister's home.

Goren reportedly contacted the group via the Telegram messaging service. In exchange for an undisclosed sum of money, he offered to install spyware on the minister's computer that would allow access to it by a third party.


He also supposedly took photographs of Gantz's desk, computers, a tablet, a locked safe, a shredder, papers with IP address, a package with a label listing the souvenirs that Gantz received as IDF chief of staff, framed photos of the family, municipal tax bills and more.

Goren shared some of the photos with the group to prove that he did indeed have access to the statesman's home. The Shin Bet stressed, however, that Goren was arrested before he could do any damage and that, as he had no access to classified materials, he did not share them with the hackers.

The investigation was conducted with Gantz's knowledge. Once the investigation concluded, the Central District Prosecution filed an indictment against Goren for alleged espionage.

The Shin Bet said that in light of the incident, it has set out to research ways to limit "the possibility of cases like this repeating themselves in the future."

Gantz's office stressed that due to existing information security protocols at the defense minister's home, Goren was never privy to classified information, nor was he able to hand it over to his contacts.

Goren has a criminal record that includes five previous convictions between the years 2002-2013, and 14 police cases in total over various offenses, including two bank robbery charges, burglaries and thefts. For this, Goren was sentenced to four years in prison, with his last sentence, for robbery offenses, being for four years.

Telegram blocks 6 channels used by Iran-linked Black Shadow group
https://www.israelhayom.com/2021/11/04/telegram-blocks-6-channels-used-by-iran-linked-black-shadow-group/
Thu, 04 Nov 2021 15:40:48 +0000


The Telegram instant messaging platform on Thursday blocked six additional channels created by the Iran-affiliated group of hackers known as Black Shadow. The hackers had used the channels to share data they obtained through their breach of the servers of Israeli web hosting company Cyberserve.


Telegram blocked the channels after having received orders to do so by the Tel Aviv Magistrate's Court at the request of the State Attorney's Office.

Likewise, Google continues to remove search results that lead users to a website used by Black Shadow.

According to officials from the cyber unit at the State Attorney's Office, efforts to limit exposure to the personal information of those affected include the removal of the content itself to the extent possible, the blocking of access to content where efforts to remove them proved unsuccessful, and the filtering of search results that lead to the content in question.

On Friday evening, BlackShadow announced it had hacked the servers of Israeli internet company Cyberserve. The hackers shuttered the company's servers and threatened to leak data pertaining to hundreds of thousands of users.

Cyberserve is a web hosting company that provides servers and data storage for companies such as the Kan public broadcaster, the Israel Lottery, Taglit-Birthright, the Dan and Kavim public transportation companies, the Children's Museum in Holon, LGBTQ dating app "Atraf," tour booking company Pegasus, the Israeli Children's Museum, and dozens of other sites.

BlackShadow first surfaced last year, with a massive breach of Israeli insurance company Shirbit and later of KLS Capital. Information from both companies' clients was leaked in the days following the breach.

The group, which had threatened to leak the data obtained from Atraf if a $1 million ransom was not paid within 48 hours, claimed to have leaked the entire user database after its demands were not met Tuesday night.

Hours later, the Iranian hackers continued to wreak havoc Tuesday night as they released private information on nearly 300,000 Israelis receiving medical treatment at the Mor Institute, including patient requests and test results.

Black Shadow leaks info on hundreds of thousands more Israelis
https://www.israelhayom.com/2021/11/03/black-shadow-leaks-info-on-hundreds-of-thousands-more-israelis/
Wed, 03 Nov 2021 07:24:46 +0000


Hours after leaking the personal details of users of an LGBTQ dating app, Iran-affiliated hacker group Black Shadow continued to wreak havoc Tuesday night as it released private information on nearly 300,000 Israelis receiving medical treatment at the Mor Institute, including patient requests and test results.


Patients' credit card information does not appear to have been leaked at this time.

Black Shadow also published information on some 30,000 registered users of 103FM Radio's website and nearly 500,000 customers of Locker Ambin Ltd.

As was the case in the Atraf leak, the hackers shared the information via an Excel file shared with a new group they created on Telegram. The hackers also provided links allowing others to download information obtained from the Atraf app. The messaging app was forced to take action on the matter after being ordered to do so by the State Attorney's Office.

On Friday evening, BlackShadow announced it had hacked the servers of Israeli internet company Cyberserve. The hackers shuttered the company's servers and threatened to leak data pertaining to hundreds of thousands of users.

Cyberserve is a web hosting company that provides servers and data storage for companies such as the Kan public broadcaster, the Israel Lottery, Taglit-Birthright, the Dan and Kavim public transportation companies, the Children's Museum in Holon, LGBTQ dating app "Atraf," tour booking company Pegasus, the Israeli Children's Museum, and dozens of other sites.

BlackShadow first surfaced last year, with a massive breach of Israeli insurance company Shirbit and later of KLS Capital. Information from both companies' clients was leaked in the days following the breach.

The group, which had threatened to leak the data obtained from Atraf if a $1 million ransom was not paid within 48 hours, claimed to have leaked the entire user database after its demands were not met Tuesday night.

Meanwhile, another group of hackers known as Moses Staff claimed to have broken into the databases of three Israeli engineering firms: H.G.M. Engineering, David Engineer, and Ehud Leviathan Engineering. Moses Staff leaked personal information of those companies' clients, including their identification numbers.

The hackers claimed to "have all of the data and projects of the engineering companies we breached, including maps, pictures of letters, contracts, and more. You can download some of this data from the link below. The company's information will be published gradually," they said.

Moses Staff previously claimed to have accessed information on Defense Minister Benny Gantz and released some of his personal photographs and documents.

Oded Vanunu, the head of Product Vulnerability Research at American-Israeli software firm Check Point, told Israel Hayom: "The full leak from the Atraf website should be a warning sign on the national level and on the level of the companies storing personal information on the Internet. The personal details of Israeli citizens are repeatedly being leaked following cyberattacks that could easily have been prevented. We should assume the information will be used for very precise phishing attacks by additional hacker groups around the world."

Hackers claim to release entire database of LGBT dating app
https://www.israelhayom.com/2021/11/02/after-deadline-elapses-hackers-say-they-shared-lgbt-app-files/
Tue, 02 Nov 2021 20:32:58 +0000


Black Shadow, the hacker group that threatened to leak the data obtained from gay dating app Atraf if a ransom of $1 million was not paid, claimed to have uploaded the entire user database after its demands were rejected.


The Iranian-linked hacker group claimed it had managed to access data from various sites and apps serviced by Cyberserve, a web hosting company that provides other companies with servers and data storage throughout a wide range of industries.

The group had originally promised that it would not leak the private information of approximately a million people registered to the LGBT dating app if it was paid the ransom in full. They failed to mention what was going to happen to the data garnered from other companies and institutions.

After the deadline had passed, the hacker group announced their intention to follow through on the threat on Telegram, communicating in broken English.

"48 hours ended! Nobody send us money. They try to chat us, we will show you our chats. Data will be uploaded soon. But this is not the end, we have more plan," wrote the group. They then proceeded to upload screenshots of chats they purport took place between them and CyberServe, in which a counteroffer of $250,000 in bitcoin was made but seemingly rejected by the hackers.

"Do u really want to mess up with [the] Israel government, because this will end badly for u," wrote the alleged representative after signs that the group had no desire to accept their counteroffer, even after it had been raised to $350,000 in bitcoin. He also warned them of Israeli "cybercrime investigators", saying they would come after them, to no avail.

Cyberserve denied claims by Black Shadow that the screenshots represent a delegate of their company, emphasizing that they have not conducted, nor do they intend to conduct, any sort of negotiations with the group.

BlackShadow strikes again, hits major Israeli financial firm
https://www.israelhayom.com/2021/03/14/blackshadow-strikes-again-hits-major-israeli-financial-firm/
Sun, 14 Mar 2021 11:19:25 +0000


The personal information of thousands of Israelis was compromised Saturday following a cyberattack on the database of a major Israeli financial services firm.


According to a report in Walla News, "BlackShadow," the same group that carried out a cyberattack on the Shirbit insurance company in December, managed to breach the database of KLS Capital, which has over 26,000 clients.

"Their servers are down and we have all their clients' information," the group wrote on the Telegram instant messaging platform.

According to reports, the hackers demanded a 1.9 million shekel ($570,000) ransom in bitcoin, which KLS refused to pay.

According to BlackShadow, following 72 hours of failed negotiations, they began to leak thousands of the company's documents, including clients' driver-license photos, ID numbers – including that of the CEO – client, and copies of checks.

"Approximately three days ago, the National Cyber Security Authority contacted KLS Capital and warned of a possible cyber-attack on the company," the firm, founded 20 years ago, said in a statement, adding that the strike was similar to others carried out by Iran in the past, where Israeli government, civil and private institutions were targeted.

The company acted immediately to protect its servers and worked together with the National Cyber Directorate to investigate the incident, the statement said.

"It is not yet known how much information had been revealed and the company will be in touch with its clients based on findings."

The NCD issued a statement calling on companies to take the necessary steps to prevent cyberattacks and take responsibility for their clients' information.

Ido Naor, founder and CEO of cybersecurity company Security Joes, explained that BlackShadow "did not change its pattern" with its latest attack.


"This group brands itself as anti-Zionist and it aims to create political propaganda. This attack shows that the hackers are not trying to breach a significant target, or they simply lack the skills to do so."

He further noted that "we've recently seen some very dangerous vulnerabilities in the Microsoft email exchange that are used, time and again, by skilled hackers. Still, Blackshadow didn't opt for that route. It's hard to believe that another cyberattack will resonate as much as the first one did."

i24NEWS contributed to this report. 

 
