Chinese government-linked hackers accessed communications data from phones belonging to Donald Trump's family members and associates, according to a widening investigation reported by The New York Times. The investigation, launched two weeks ago, initially focused on breaches affecting Trump and JD Vance's personal phones. It has now expanded to include Trump's son, Eric Trump, and son-in-law, Jared Kushner, among the targets, reports the Guardian.

According to sources from The New York Times, fewer than 100 individuals were targeted in the sophisticated hacking operation, which compromised telecommunications company systems. The targets included members of Vice President Kamala Harris's campaign staff, diplomatic and policy experts, and an aide to Senate Majority Leader Chuck Schumer.

FBI investigators have found evidence that audio communications were compromised, with hackers potentially accessing unencrypted text messages and call logs on certain devices. The breach could provide Chinese intelligence valuable insight for potential influence campaigns.

Eric Trump blamed the security breach on the current administration, saying, "Does this surprise anyone? Under Kamala and Biden, China has walked all over our country." His response echoed a Trump campaign spokesman's statement from last week claiming the Democrats would "stop at nothing...to prevent Trump entering the White House."

The Trump campaign was notified that the Verizon network had been infiltrated, potentially exposing personal data linked to the former president, his running mate, and various government officials and private citizens.

US authorities have attributed the targeted breach to actors affiliated with the Chinese government. Western cybersecurity experts point to a group called Salt Typhoon, known for conducting sophisticated operations for Chinese intelligence. US security officials previously blamed the group for accessing the country's telecommunications system earlier this year. Recent discoveries show the hackers were targeting specific cell phone numbers, though it remains unclear whether they could access text messages, particularly those sent through encrypted services.

The post FBI: China hacked Trump family phones appeared first on www.israelhayom.com.

Iranian operatives have intensified their efforts to influence and monitor the 2024 US presidential election, according to research published by Microsoft on Thursday. The campaign includes creating fake news outlets targeting both liberal and conservative voters, as well as attempting to hack an unnamed presidential campaign.

Microsoft researchers uncovered phony news sites allegedly created by Iranian operatives, one of which referred to former President Donald Trump as an "opioid-pilled elephant in the MAGA china shop" and a "raving mad litigiosaur." Another fake Iran-backed outlet, posing as a "trusted source for conservative news" in Savannah, Georgia, focuses on LGBTQ issues and gender reassignment.

While these sites have not gained significant traction on social media, Microsoft warns that their influence could grow as the election approaches. The report, compiled from open-source materials and Microsoft's internal data, provides clear examples of what US intelligence officials described last month as an ongoing covert social media campaign by Iran to undermine Trump's candidacy and increase social discord in the US.

US Offering $10 Million Reward for Iranian #ICS Hackers https://t.co/KSXzF4NFCg

— SecurityWeek (@SecurityWeek) August 8, 2024

 Clint Watts, general manager of the Microsoft Threat Analysis Center, stated in a blog post, "The Iranians have laid the groundwork for influence campaigns on trending election-related topics and begun to activate these campaigns in an apparent effort to stir up controversy or sway voters – especially in swing states."

The report also revealed that a hacking group linked to Iran's Islamic Revolutionary Guard Corps attempted to breach the email account of a high-ranking official on a US presidential campaign in June. Microsoft said it notified the campaign of the hacking attempt but declined to specify which campaign was targeted.

When contacted by CNN, an official from Vice President Kamala Harris' campaign stated, "Microsoft has not notified us of any campaign accounts having been targeted in this manner." CNN has requested comment from the Trump campaign.

The Microsoft report also highlighted activities by Russian and Chinese operatives. Russian actors have allegedly tried to "drive headlines with fake scandals" since April, including false claims about CIA involvement in Ukrainian troll farms and FBI wiretapping of Trump's residence. Chinese online personas have attempted to amplify outrage around pro-Palestinian protests at US universities this spring.

US officials are preparing for various foreign intelligence services to attempt to influence or undermine confidence in the 2024 US elections. The Office of the Director of National Intelligence recently assessed that Russia "remains the predominant threat to US elections," while China "probably does not plan to influence the outcome" but may denigrate down-ballot candidates.

The post Microsoft reports Iranian hackers aiming to sway 2024 election appeared first on www.israelhayom.com.

A few weeks ago, when news articles were published about Russia's attempts to undermine the government of a certain European state, by chance I met with the ambassador of that particular country. After having expressed my disdain with these events, he responded by telling me that Israel is the one that really should be concerned. "We at least are aware of the problem and are adopting measures to contend with it," he said earnestly, "you simply prefer to turn a blind eye."

But not everybody here in Israel is turning a blind eye to the situation. Lieutenant Colonel (res.) Daniel Rakov, an analyst at the Jerusalem Institute for Strategy and Security (JISS), recently published an illuminating study on the manner in which Russia, from early 2023, has been operating an entire setup to influence public sentiment and intervene in Israel's domestic scene, as well as the ensuing threat that this poses.

"During 2023, I began to receive screenshots of posts on Facebook, which at first sight appeared to be nothing more than an interesting anecdote: the posts were written in rather poorly-worded Hebrew and were seasoned with graphic language that the average Israeli would find it difficult to relate to, with the common denominator in them all being the attempt to promote pro-Russian messages. The longer this went on, the more it became clear that it involved an organized campaign, and then a growing number of indications showed that this campaign was not limited to Hebrew alone – it was being conducted simultaneously in an additional 12 languages. In late 2023, one of the European intelligence services that had decided to 'get to grips' with this issue, exposed the original documents used in the planning of the Russian campaign. An obscure Telegram channel then leaked another document, and this led to the uncovering of the Russian modus operandi and the scope of the entire operation."

Rakov, who served for 20 years in the IDF's Military Intelligence Directorate and is a former research fellow at the Institute for National Security Studies' (INSS) Russia program, was naturally interested above all in the Israeli aspect of the Russian influence and disinformation campaign and just how it forms part of Russia's overall strategy in relation to Israel. He is now uncovering them for the first time, and these exposures should be of prime concern to both the public as a whole and the policymakers in particular.

The Russian campaign is based on the clone or doppelganger system – whereby they set up dummy websites that mimic websites of familiar Israeli media outlets (Walla, N12, Jerusalem Post, etc.) or those that do not exist at all, but whose names have a strong genuine ring to them ("Jerusalem Herald Tribune", for example) and then publish articles in them that are designed to promote the Russian agenda, on occasions these appear to be signed by renowned Israeli journalists and writers. The innocent reader, who has been led to these impostor websites via links or other forms of bait, probably has no idea that he was visiting a fake website rather than the genuine thing. He will then have read refined Russian propaganda in relation to the war in Ukraine, wrapped up in the apparent opinion of a highly esteemed Israeli columnist.

'Turning the screws' – applying forceful influence in Hebrew

In a similar vein to the dummy websites, the most popular social media in Israel – Facebook and 'X' (formerly Twitter) – were inundated with short posts, which were also allegedly written by Israeli users, accompanied by eye-catching graphics, usually involving a caricature. All of these used sophisticated methods to portray Russian messages, but obviously without any noticeable Russian signature. The Russians bought the posts via Facebook's online publicity shop, and an army of chatbots reverberated and shared them in order to afford them authenticity, Rakov explains. Due to Meta's transparency policy, it is possible to uncover this scheme, but only in retrospect. In real time, the posts appeared to regular web surfers to be authentic posts of other Israelis who simply sought to express their concern about our country, and so it is not surprising that many of them shared them and even helped some of them go viral, precisely in accordance with the plan concocted somewhere in the dark depths of the Russian security services' misinformation campaigns.

"The Russians' expectations of profiting from Prime Minister Benjamin Netanyahu's return to office were not met. They really hoped that the Right would be an easy target for them, this however was not the case. Netanyahu even failed to phone Putin for two months to hear the Russian president congratulate him on being re-elected, and this was clearly an intentional move. Even later on, until after October 7, they did not speak to one another. Moscow had now come to grasp the fact that the golden era of the flourishing relations with Jerusalem had come to end, and so they decided to exert pressure on Israel via their aggressive influence and disinformation campaign. This will not stop and it will only expand and grow."

"They really do operate according to an orderly, detailed plan," Rakov stresses, and points out that he managed to lay his hands on the plan, or more accurately the proposed plan of action. The three campaign objectives, listed below, that appear in it constitute blatant intervention in Israel's internal affairs: to drive a wedge between Jerusalem and Washington, to cause Israel to adopt a policy that is more palatable for Moscow, and to force it to refrain from providing Ukraine with any diplomatic or military support.

Rakov admits that as a regular Facebook user, he himself was not subjected to the publicity of the Russian campaign by the algorithm. He imagines that his internet profile, as it is reflected on social media, is not appropriate for the target profile defined by whichever Russian figure is behind the campaign. Who then is an appropriate figure for being targeted? For example, marginal groups such as conspiracy aficionados. "These are groups that tend to believe in sensational news, and so they are much more gullible and prone to be influenced," Rakov claims and reminds us that during the Covid-19 pandemic, the Russians were involved in a relentless effort to promote opposition to the inoculations and they stirred up anti-vaccine feelings, with a view to increasing the sense of discontent and chaos in those countries singled out by them as rivals.

"Even prior to the outbreak of the COVID-19 pandemic, the Russians were busy spreading conspiracy theories designed to create and intensify the opposition to the vaccines, and once the pandemic was already underway, this became much easier, as COVID-19 aroused genuine concern and strong emotional responses," he explains, "I began to take an in-depth look at the issue of the Russian influence on the web and its ability to spread disinformation some years ago already. At that time, I came across a number of figures who appeared to be pro-Russian influencers par excellence, but there were no unequivocal signs of an organized campaign, certainly not in Hebrew. The new element now is that they are exerting relentless pressure via the influence campaign in Hebrew: somebody is taking the trouble to operate it in a language that does not boast masses of users globally, to say the least. This might be the result of a combination of the need and the accessibility of the modern technology, the AI tools, which have made this subversive activity in foreign languages, such as Hebrew, into a much easier and mainly much less expensive method.

"The overall idea is to take advantage of the rapidly changing news agenda in Israel, both in relation to domestic and foreign issues – mainly pertaining to Israel's relations with the USA and Europe, and to fraudulently plant propaganda messages in the news. To forcibly forge a link between burning issues in Israel and the line that corresponds with Russian policy, so as to explain that it is worthwhile for Israel to engage in conduct that is in line with the Russian interest, and all of this is to be attained without even mentioning Russia at all."

Q: What are the messages being put forward by the campaign?

"One of the key messages, even prior to October 7, was that the entire world is against Israel, that everybody has abandoned us, leaving us to our own dire fate, and so we should concentrate our efforts on our own affairs alone rather than looking farther afield, in other words, Ukraine. Additional, supporting messages were added to this: 'Providing aid to Ukraine will cost Israel a lot of money,' 'Ukraine is a backstabber,' 'the Ukrainians are Nazis,' and so on. Following the October 7 attacks, the Russians began to strike on the most sensitive chords of Israel's raw and wounded soul, with a great degree of cynicism. For example, they used the campaign to disseminate a completely fake 'news item', claiming that the weapon systems supplied to Ukraine by the West had been or were to be transferred from Ukraine to Gaza, and in the initial days following the horrific October 7 massacre, they ran with this fake news story, pushing it extremely hard. The result of this concerted effort was so successful that it managed to ensnare many believers and was even echoed on the broadcasts of Israel's national Kan 11 channel, even though it didn't contain one iota of truth."

In other cases, the Russian campaign did actually base its stories on a grain of truth, but it distorted it to such an extent for its own needs that nothing remained of that original minutely small grain of truth. Rakov: "Take, for example, the popular grievance in Israel against the current US administration of President Joe Biden, that it is not providing Israel with sufficient support and thus in effect placing obstacles on Israel's path to victory over the enemy. This is a genuine claim and many Israelis share that view, and it is precisely because of that the Russians have 'jumped on the bandwagon' and are trying to exploit this as far as possible. Their message is both extremely Machiavellian and infuriating: it calls on Israel not to build any partnership with the 'double-dealing' Washington, that the Americans are 'betraying Israel and support the Palestinians,' thus subtly implying that Israel would do well to align with Moscow's interests – this is the very same Moscow that stands by Israel's bitterest enemies, arms them to the teeth, promotes staunchly anti-Israel resolutions in the UN Security Council and is continually trumpeting the false accusation that Israel is perpetrating genocide. The same Moscow that hosted the Hamas leadership, even after the October 7 massacre, and refuses to consider either Hamas or the Palestinian Islamic Jihad (PIJ) as terrorist organizations. If the Biden administration is two-faced, then the 2024 model Putin regime has only one face – an extremely ugly, anti-Israeli face."

Playing on the rifts

It is important to demonstrate just how the Russian campaign deftly maneuvers between the Right and the left in Israel, skillfully tailoring for each political camp those messages that it will readily identify with. "Prior to October 7, as long as the judicial reform and the attempts of its opponents to stymie it were still occupying pole position on Israel's national agenda, the Russian influence campaign compared the demonstrations in Israel with Kyiv's central square, Maidan Nezalezhnosti (Independence Square), in other words, it ostensibly picked sides and elected to support the Right," explains Rakov.

However, this is only an apparent, facade of support, as the main component of right-wing ideology in Israel – the Jewish people's absolute right to the land – is completely opposed to Russia's stance, and it is actually constantly working at full throttle against this, which should really define it as an ideological partner for Israel's left wing. Following October 7, this gap became substantially wider: The right wing in Israel is demanding to continue with the war effort until total victory is achieved over its enemies, while the Russians demand and are trying hard to stop the war and to save Hamas.

Rakov provides an explanation: "The Russians do not actually support any political camp, but they are simply seeking to increase and intensify the existing rifts and discord in Israel in order to exploit them for their own benefit. They did not seek to promote or prevent the judicial reform in Israel, but just hoped to push Israel further down the slope towards the abyss of internal conflict, so that it would not be able to adopt a foreign policy that is opposed to the will and whim of the Kremlin.

"This is how the influence campaign works – the Russians identify the genuine issues that are preoccupying Israeli society, and they then cunningly use these issues to promote the Russian interest, which is completely detached from Israel's affairs. Increasing internal schisms and fragmentation and fanning the flames of discontent are a typical mode of the subversive operations conducted by Russia in other places around the globe too. They fully appreciate that when a specific country is plagued by polarization, and there are significant rifts, the government of that state is forced to focus its efforts on addressing those rifts and thus finds it difficult to make any decisions that are subject to broad dispute, it then develops into a feeble government, which is always a valuable positive for the Russians. The overall atmosphere in a country torn apart by such strife turns it into easy prey for external intervention. Israel is thus a location that almost automatically invites such intervention, as we are a society dogged by dispute and strife, so that a foreign power has absolutely no need to make any effort to invent any rifts, all it has to do is to exploit the existing, authentic divisions, which generate strong authentic emotions. It is precisely these emotions that Moscow is trying to capitalize on in order to address its own needs."

It is in this context that Rakov presents his key scoop – the precise timing at which the Russians decided to begin their disinformation campaign in Hebrew, and the explanation for that timing: "The Russians' expectations of profiting from Prime Minister Benjamin Netanyahu's return to office were not met. They really hoped that the Right would be an easy target for them, this however was not the case. Netanyahu even failed to phone Putin for two months to hear the Russian president congratulate him on being re-elected, and this was clearly an intentional move. Even later on, until after October 7, they did not speak to one another. Moscow had now come to grasp the fact that the golden era of the flourishing relations with Jerusalem had come to end, and so they decided to exert pressure on Israel via their aggressive influence and disinformation campaign. This will not stop and it will only expand and grow."

Q: What are the metrics for the influence campaign's success as far as the Russians are concerned?

"The exposure of the original dashboards used by the organizers of the influence campaign by the European intelligence service gives us a rare glimpse into the Russian way of thinking. These dashboards portray, week after week, the real data that are of interest to them and which are measured on a permanent basis. First and foremost, these are the parameters that any marketing manager of a publicity campaign would be measuring and monitoring: exposure data and the number of visits, shares and clicks on links. On the next level, as is the case in any enterprise or plant – and as far as the Russians are concerned this is a plant that 'manufactures' influence – the quantitative results of production are measured and monitored: how many posts have been manufactured by one department, how many graphics have been manufactured by another department, and how any websites has an additional department built. We should not underestimate the seriousness of this overall apparatus, which includes a dedicated creative team, a team in charge of statistical data collection, and even a team whose job is to conduct research and polls.

"In addition, the Russians have displayed an extremely robust ability to learn, as they regularly check which posts work and which don't. The campaign is becoming more and more sophisticated and responds to changes or attempts to block it. Thus, for example, the Russians now prefer to use fewer caricatures, as the mechanism employed by Facebook succeeds in identifying them and thus turn them into suspect posts. In place of caricatures, they have opted for other graphic means. They are constantly improving the language they use and are perhaps even employing somebody here who is helping them with their efforts to write content. At least according to the document that I have, they are supposed to employ Israeli field correspondents.

Q: Dry quantitative data do not necessarily tell us whether an influence campaign has actually attained its political objectives.

"Correct. It is very difficult to isolate and measure the specific effectiveness of foreign influence. But the Russians firmly believe in this tool and they are convinced that it works when employed en masse and over the course of time. In a certain sense, this might make it easier for the designers of the Russian campaign and their managers to report mass successes up the chain. They can present the increasing viewing data and thus take pride in the fact that the campaign is achieving its goals. Is Israel supplying arms to Ukraine? The fact is that Israel is not doing so. Are the relations between Israel and the USA not at their best? That is indeed the current situation. There you are – we have succeeded, they will be able to tell their superiors."

Q: Who are those superiors?

"The Russian influence campaign is headed by an extremely powerful individual – the First Deputy Chief of Staff of the Presidential Administration of Russia, Sergey Kiriyenko. Kiriyenko is a representative of the most powerful group in Russia today, which comprises both oligarchs, such as the Kovalchuk brothers, and the controlling figures in the security services, the atomic industry and the business world. Another representative from this group was recently appointed Chairman of the Accounts Chamber of the Russian Federation, a position akin to our State Comptroller. In slightly less diplomatic terms, via this mechanism they have both senior government officials and the business elite over a barrel."

They like to take risks

The damage incurred by Israel as a result of Russia's propaganda activity is often invisible, but it is definitely felt. Rakov: "Firstly, from my conversations with colleagues in other locations where Russia's disinformation machine have been put to work, we know that after they operate over a prolonged period of time, they tend to undermine the local population's trust in their state and its institutions. They become accustomed to not believing the official line at all. If this is not sufficient, then part of the Russian influence campaign across the international media is really capitalizing on Israel's tragedy. When the Russians daub the Holocaust Memorial in Paris with graffiti depicting bloodied hands in the style of the terrorists who conducted the lynch against Vadim Nurzhitz and Yossi Avrahami – may God avenge them – in Ramallah in 2000, or they mark houses in France with the Magen David, as if this were in preparation for carrying out a pogrom, and then the influence campaign reverberates this, it could easily lead to attacks on Jews. Beyond that, it is important to remember that the current influence campaign is not a lone-standing, isolated tool. In addition to it, there are numerous other weapons available in Russia's arsenal of subversion, and Russia is not afraid to use them.

"For example, they operate a number of TV channels in Russian and other languages, and millions of people in other countries watch them and are highly susceptible to the disinformation broadcast by them, which may shape their way of thinking and their view of reality. I, for example, can see my father-in-law and mother-in-law, both of whom are Israelis of Ukrainian descent, opposing the Russian invasion, but avidly continuing to consume the propaganda broadcasts of Russia's state TV channel as part of their cable TV package. Something from these broadcasts certainly manages to permeate and take root. Finally, we know from other spheres that the Russians are perfectly capable of working together with organized crime in order to generate provocations. This is currently a clear and present danger, as the Russian security services feel extremely confident and perhaps even untouchable after two years of upheaval and restructuring."

Q: What are Russia's other MOs?

"There are a multitude of them. One of them is the tendentious use of statements made by well-known senior Israeli figures. The Russians take clips of retired senior IDF commanders, they then subject these clips to 'heavy editing', they remove parts that are either irrelevant to the context or even oppose the overall context, and thus in effect they create a propaganda product under the compelling title of 'Israeli general recommends that Ukraine should surrender.' Another trick is to phone Israeli experts and ask to supposedly interview them. In this case too, the 'interview' is edited to provide a 'slanted' or 'loaded' product and is then later presented as an authentic clip of the interview in support of the Russian stance. The editors of these interviews are usually investigative journalists working for Russian media outlets, and alongside their day job they also work for the Russian influence and disinformation campaign.

"Many have fallen into this trap: a reserve IAF brigadier general who participated in the strike on the nuclear reactor in Iraq back in 1981, Israel's former ambassador to Moldova, another former security official who appears on the media on numerous occasions. You would expect that such people, with their experience and background in the security establishment, would be equipped with a heightened sense of caution as second nature, but such an expectation is clearly too much. Afterwards, go and look for the person who interviewed you. By the way, on more than one occasion these clips have turned up in Russian campaigns in other theaters and countries too, as a statement made by a senior Israeli caries considerable weight. On the whole, the Russians invest efforts to study the Israeli theater – if and when they elect to expand their operations and to intensify them, they will readily be able to do so."

Q: When is this likely to occur?

"If and when we carry out actions that the Russians are particularly not fond of, especially if Israel is in a crisis that makes it much more vulnerable. If we decide to wage war on Hezbollah in the north and we hit the Russians, then their entire influence and disinformation mechanism will be turned against us. Israel is not currently at the focus of the Russian campaign, and only 5-6 percent of its products are directed at the Israeli population. Based on our experience in other locations, election campaigns tend to lead to a rise in Russian intervention. This doesn't mean that the Russians are necessarily constantly trying to promote a candidate or a party list. The very fact that they are engaged in this effort causes damage to the country that they have chosen as a target. Just take a look at the USA: former President Donald Trump was forced to spend the four years of his term of office under constant investigation and with a large cloud looming over the legitimacy of his administration, only because the Russian influence and disinformation machine, which was then headed by Yevgeny Prigozhin, the founder of the infamous Wagner Group, who has since died, and the Foreign Intelligence Service of the Russian Federation, the SVR, leaked the documents of the Democratic Party, creating the impression that the Russians were aiding the Republicans.

"The Russians take clips of retired senior IDF commanders, they then subject these clips to 'heavy editing', they remove parts that are either irrelevant to the context or even oppose the overall context, and thus in effect they create a propaganda product under the compelling title of 'Israeli general recommends that Ukraine should surrender.' Another trick is to phone Israeli experts and ask to supposedly interview them. In this case too, the 'interview' is edited to provide a 'slanted' or 'loaded' product and is then later presented as an authentic clip of the interview in support of the Russian stance. The editors of these interviews are usually investigative journalists working for Russian media outlets, and alongside their day job they also work for the Russian influence and disinformation campaign.

"Having said that, we cannot rule out the possibility that under certain scenarios, they will try to help whatever political party they deem to be of use to them, and then all the resources will be channeled into that particular objective. They like to take risks, for example, to have somebody run who is sufficiently desperate to accept their help. I have come across an individual who made aliyah about six months prior to the outbreak of the war in Ukraine, after working in the Kremlin in the field of political influence. He was traveling around Israel, captivated by the dream of establishing a list here that would unite the entire 'Russian street', and he became obsessed with the idea that this would be able to either throne or dethrone a government."

Q: Why has Israel not yet opted to take action to curb these Russian attempts to sow disinformation?

"The security authorities did approach the Russians with a demand to cease their activity, but the Russians ignored this and they continue to operate here full steam ahead. Although Facebook does remove the Russians' propaganda posts, as this in breach of its policy (the paid publisher of the post must declare its political content, which of course the Russians fail to do), but then new posts reappear in no time at all. The Chinese, the Iranians, Hamas and other Sunni groups too are all engaged in efforts to operate propaganda machines, but countries such as Russia have greater power and resources. In Israel, in contrast to other countries, the authorities have yet to attribute the appropriate degree of gravity to this threat. In France, for example, there is a dedicated government agency tasked with fighting against disinformation, and in other countries too this issue is afforded priority treatment by the local security establishment. In Israel, unfortunately, this is not yet the case."

The post Exposed: How Russia tries to exert influence on public opinion in Israel appeared first on www.israelhayom.com.

The hacker group that has claimed responsibility for the breach at the Mayanei HaYeshua Medical Center in central Israel earlier this month has issued an ultimatum to the facility, threatening to reveal sensitive medical files that include the prime minister, MKs, senior rabbis, and other known figures in the Haredi word if its demands are not met. 

Follow Israel Hayom on Facebook, Twitter, and Instagram

According to Israel Hayom sources, the hackers demand tens of millions of shekels. The group claims that it has obtained access to hundreds of thousands of digital files due to the breach, including psychiatric evaluations and various checkups that could reveal private medical conditions among Haredi wheelers and dealers. The concern is that this would become a 'Haredi WikiLeaks' that could jolt the community. 

Prime Minister Benjamin Netanyahu underwent prostate-related treatment at the facility in 2015, although it is unclear if that file was breached in the recent cyberattack. 

Video: Maayanei Hayeshua Medical Center responds to cyber attack

The hospital sent the following statement to Israel Hayom: "Over the past week, the cyber experts from the Health Ministry, the National Cyber Directorate and the hospital have been investigating the attack, and this includes an evaluation as to the scope of the breach and its implications. There have been no negotiations of any kind with the hackers, and as we have said right after the attack happened, this incident is financially motivated. We will provide more details s we get them." 

Israel Hayom has learned that the authorities have looked into the possibility that this was cyberterrorism that was orchestrated by hostile elements rather than the hacker group Ranger Locker

An Israel Hayom has asked the Health Ministry whether an urgent meeting with senior officials was called in order to handle the potential revelations about israeli politicians, as our reporting indicates, but the ministry denied this outright. The National Cyber Directorate refused to provide a comment on this question. 

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Hackers threaten publishing sensitive medical data on politicians, Haredi leaders appeared first on www.israelhayom.com.

A cyberattack on Sunday disrupted access to Iran's privately owned Mahan Air, state TV reported, marking the latest in a series of cyberattacks on Iranian infrastructure that has put the country on edge.

Follow Israel Hayom on Facebook and Twitter

Mahan Air's website displayed an error message saying the site couldn't be reached. The carrier said in a statement that it had "thwarted" the attack and that its flight schedule had not been affected, adding it has faced similar breaches in the past.

"Our cybersecurity team worked with total efficiency to thwart the attack. For us, this was a routine incident, and this was not the first time attacks like this have taken place," a Mahan Air spokesperson told the country's Fars News Agency.

Many customers of Mahan Air across Iran received strange text messages on Sunday. A group calling itself Hoosyarane-Vatan, or Observants of Fatherland, claimed in the mass texts to have carried out the attack, citing the airline's cooperation with Iran's paramilitary Revolutionary Guard. The self-described hacking group did not provide any evidence.

Mahan Air flies from Tehran to a few dozen destinations in Asia, Europe and the Middle East. The United States Treasury Department, which polices compliance with sanctions, blacklisted the airline in 2011 for allegedly "providing financial, material and technological support" to the Revolutionary Guard's elite Quds Force, responsible for the Islamic Republic's campaigns abroad. The Treasury has accused Mahan Air of ferrying weapons, goods and personnel to Hezbollah in Lebanon.

Major cyberattacks have struck various Iranian systems in recent months, with one in October crippling gas stations across the country, leaving angry motorists stranded in long lines unable to use their government-issued cards to buy subsidized fuel. Without naming a specific country, Iranian President Ebrahim Raisi blamed the hack on anti-Iranian forces seeking to sow disorder and disruption.

Another attack targeted the railroad system, causing mass confusion with scores of trains delayed and canceled across Iran.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Iran's Mahan Air targeted in cyberattack appeared first on www.israelhayom.com.

Omri Goren, a cleaner formerly employed at the home of Defense Minister Benny Gantz, allegedly offered to spy on Gantz for the Iranians for a mere $7,000.

Follow Israel Hayom on Facebook and Twitter

Goren, 37, supposedly told the Iranian-affiliated hacker group Black Shadow that he would install a "worm" on Gantz's computer. According to prosecutors, after a representative of the group voiced doubt about Goren's capabilities, the cleaner photographed Gantz's desk, his computers, his telephone, some packaging on which the computer's IP address appeared, and Gantz's city tax bill.

As revealed by Israel Hayom, Goren and his wife were the owners of a cleaning services company. Some of their other clients reported that the couple were clearly in financial distress.

The would-be espionage comprises a failure on the part of the Shin Bet, whose agents did not conduct a security background check on the Gorens before they were allowed into Gantz's home to clean.

It would have taken a mere Google search to discover that Goren was a criminal who had been convicted in 14 different cases, on charges that included armed robbery, breaking and entering, and theft.

The Shin Bet has accepted responsibility for the incident and reported that it had not resulted in any harm to national security or defense. The agency said it was drawing immediate conclusions, although it was not clear whether any individuals involved would be held personally accountable.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Defense minister's cleaner reportedly planned to charge Iran bargain-basement rate appeared first on www.israelhayom.com.

Black Shadow, the hacker group that threatened to leak the data obtained from gay dating app Atraf if a ransom of $1 million was not paid, claimed to have uploaded the entire user database after its demands were rejected.

Follow Israel Hayom on Facebook and Twitter

The Iranian-linked hacker group claimed it had managed to access data from various sites and apps serviced by Cyberserve, a web hosting company that provides other companies with servers and data storage throughout a wide range of industries.

The group had originally promised that it would not leak the private information of approximately a million people registered to the LGBT dating app if it was paid the ransom in full. They failed to mention what was going to happen to the data garnered from other companies and institutions.

After the deadline had passed, the hacker group announced their intention to follow through on the threat on Telegram, communicating in broken English.

"48 hours ended! Nobody send us money. They try to chat us, we will show you our chats. Data will be uploaded soon. But this is not the end, we have more plan," wrote the group. They then proceeded to upload screenshots of chats they purport took place between them and CyberServe, in which a counteroffer of $250,000 in bitcoin was made but seemingly rejected by the hackers.

"Do u really want to mess up with [the] Israel government, because this will end badly for u," wrote the alleged representative after signs that the group had no desire to accept their counteroffer, even after it had been raised to $350,000 in bitcoin. He also warned them of Israeli "cybercrime investigators", saying they would come after them, to no avail.

Cyberserve denied claims by Black Shadow that the screenshots represent a delegate of their company, emphasizing that they have not nor do they intend to conduct any sort of negotiations with the group.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Hackers claim to release entire database of LGBT dating app appeared first on www.israelhayom.com.

Facebook said on Thursday it had taken down about 200 accounts run by a group of hackers in Iran as part of a cyber-spying operation that targeted mostly US military personnel and people working at defense and aerospace companies.

Follow Israel Hayom on Facebook and Twitter

The social media giant said the group, dubbed 'Tortoiseshell' by security experts, used fake online personas to connect with targets, build trust sometimes over the course of several months, and drive them onto other sites where they were tricked into clicking malicious links that infected their devices with malware.

"This activity had the hallmarks of a well-resourced and persistent operation while relying on relatively strong operational security measures to hide who's behind it," Facebook's investigations team said in a blog post.

The group, Facebook said, made fictitious profiles across multiple social media platforms to appear more credible, often posing as recruiters or employees of aerospace and defense companies. Microsoft-owned LinkedIn said it had removed a number of accounts, and Twitter said it was "actively investigating" the information in Facebook's report.

Facebook said the group used email, messaging, and collaboration services to distribute the malware, including through malicious Microsoft Excel spreadsheets. A Microsoft spokesperson said in a statement it was aware of and tracking the actor and that it takes action when it detects malicious activity.

Alphabet Inc's Google said it had detected and blocked phishing on Gmail and issued warnings to its users. Workplace messaging app Slack Technologies Inc said it had acted to take down the hackers who used the site for social engineering and shut down all Workspaces that violated its rules.

The hackers also used tailored domains to attract its targets, Facebook said, including fake recruiting websites for defense companies, and set up online infrastructure that spoofed a legitimate job search website for the US Department of Labor.

Facebook said the hackers mostly targeted people in the United States, as well as some in the United Kingdom and Europe, in a campaign running since mid-2020. It declined to name the companies whose employees were targeted, but its head of cyber espionage, Mike Dvilyanski, said it was notifying the "fewer than 200 individuals" who were targeted.

The campaign appeared to show an expansion of the group's activity, which had previously been reported to concentrate mostly on IT and other industries in the Middle East, according to Facebook. The investigation found that a portion of the malware used by the group was developed by Mahak Rayan Afraz, a Tehran-based IT company with ties to the Islamic Revolutionary Guard Corps.

Reuters could not immediately locate contact information for Mahak Rayan Afraz, and former employees of the firm did not immediately return messages sent via LinkedIn. Iran's mission to the United Nations in New York did not immediately respond to a request for comment.

MRA's alleged connection to Iranian state cyber espionage is not new. Last year, cybersecurity company Recorded Future said MRA was one of several contractors suspected of serving the IRGC's elite Quds Force.

Iranian government spies have long been suspected of farming out their mission to a host of domestic contractors.

Facebook said it had blocked the malicious domains from being shared and Google said it had added the domains to its "blocklist."

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Facebook says Iranian hackers used site to spy on US troops appeared first on www.israelhayom.com.

A global cyberattack launched last week from over 1,300 locations was exposed by Israeli security researchers Liad Mordekovitz and Ophir Harpaz from the Guardicore cybersecurity company.

Follow Israel Hayom on Facebook and Twitter

The main target of the cyberattack were servers of companies and organizations in the health, tourism, media, and education sectors, including hospitals, hotels, schools, and government agencies, mostly in the US, Vietnam, and India.

In all, the attack targeted over 2,000 entities. Hackers used the servers as a base from which to cause harm to additional companies, decentralizing the attack to make themselves harder to trace.

Servers breached in the attack used Microsoft's SMB protocol. The attackers created a "backdoor" that allowed them to penetrate the servers repeatedly and sell the access on the dark web. According to some assessments, every compromised Windows server is worth hundreds of dollars, which adds up to a significant sum.

The purpose of the attack? To harness the servers to mine digital currency, install Trojan horses, and collect information. The hackers were also able to employ advanced methods of eradicating other hackers' malware found on the servers so they could have exclusive "use" of them. The hackers also took care to delete their own files after use.

Guardicore researchers published a tool that would help heads of cybersecurity identify whether their organizations' systems had fallen prey to the attack, along with recommendation about how to protect their systems from similar attacks.

Guardicore, founded in 2013, develops a software-based cybersecurity solution that is detached from a physical network. The company describes its offering as a "faster, more cost-effective alternative to firewalls." The company employees over 270 worker, over half of whom at its R&D center in Israel, with the rest of its personnel at sales and support offices in the US, Canada, South America, India, western Europe, and the Ukraine.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Israeli cybersecurity researchers expose worldwide hacking scheme appeared first on www.israelhayom.com.

Iranian hackers reportedly broke into the computer system of clothing retailer H&M Israel and are threatening to release customer data, Israeli media reported on Sunday.

Follow Israel Hayom on Facebook and Twitter

An Iranian hacker group identified as "N3tw0rm" has warned that it could release 110 gigabytes of data belonging to H&M Israel unless its demands, which have not been publicly specified, are met.

Several other Israeli companies have recently been targeted in similar cyberattacks.

In December, Iranian hackers claimed to have carried out a cyberattack against Israel Aerospace Industries.

That cyber group, known as Pay2Key, published on its website a list of users of company Elta Systems as proof for breaching its system.

According to Kan 11 News, the attackers boasted about their alleged success on the dark web, coyly alluding to their ability to encroach any cyber defense.

Cyber researcher Jackie Eltal estimated that if the hackers gained access to users' information, they probably hold onto more sensitive information from Elta Systems' database, Kan reported.

This article was first published by i24NEWS.

Subscribe to Israel Hayom's daily newsletter and never miss our top stories!

The post Iranian hackers: We cracked computers of H&M fashion chain in Israel appeared first on www.israelhayom.com.