Have the hackers who attacked software company Amital and Intel's AI chips company Habana Labs last week been exposed? A report by Israeli company ClearSky Cyber Security Ltd. confirms news reports of the past few days that the Iranians are behind Pay2Kitten, the group that publicly claimed responsibility for these two attacks.
In the past two weeks, a series of high-profile cyber attacks has taken place in Israel. It started with a break-in at insurance company Shirbit by a group calling itself BlackShadow. Then came an attack on the servers of Amital Data that was thwarted, an attack that also hit dozens of Amital's customers, followed by the attack on Habana Labs.
In the last case, a group calling itself Pay2Kitten published documents supposedly stolen from Habana Labs on its Twitter account. It was claimed that the documents related to the development of Habana Labs' "Goya" chip.
ClearSky's report indicates a link between Pay2Kitten and Iranian hacker group FoxKitten, described as one of the most active hacker groups against Israeli companies and organizations.
The report explains that Iranian hacker groups are known in the cyber world by the name "kitten". The aim of the hacking campaign, according to the report, is not just to steal information, but also to disrupt, extort, steal money, and perhaps also to spread fear and undermine Israeli morale. The report states that the name the attackers chose for the campaign, "Pay2Kitten", indicates that blackmailed companies transfer money directly to the Iranian hacker group.
It also emerges from the report that the three incidents reported recently are just the tip of the iceberg of an extensive campaign carried out by the Iranians against entities in the Israeli economy. According to ClearSky, the recent attacks against Israeli companies are a continuation of attacks against Israeli defense companies a year ago.
"We believe that this campaign is part of the ongoing cyber confrontation between Israel and Iran, with the most recent wave of attacks causing significant damage to some of the affected companies. The entry vector mostly consists of well-known vulnerabilities covered in our Fox Kitten reports throughout the year. The attacks themselves or the abuse of successful attacks to compromise additional companies or service providers were conducted using obfuscating means, making the discovery of the attack more difficult. We assess - with a medium level of confidence - that the Pay2Key campaign is aimed to create panic in Israel.
"The ransomware group pay2key publicly threatened Israel, this might indicate that this operation is only a propaganda campaign to cause fear and to divert attention from Fox Kitten. That would explain the decision to leak the data instead of just demanding ransom. It can also explain why this actor chose to leak the data via public social media platforms and to include threats directed at Israel," the report states.
Published by Globes, Israel business news - en.globes.co.il - on December 17, 2020
© Copyright of Globes Publisher Itonut (1983) Ltd. 2020