Iran-Linked Hackers’ Telegram Account Blocked After Ransom Demand

The hacking group Black Shadow, which in recent days has been leaking personal information from Israeli websites, removed the channels from the messaging app Telegram on Sunday.

The allegedly Iran-linked group’s main Telegram channel for communicating messages, as well as a separate channel for releasing data, were unavailable Sunday afternoon, just hours after it demanded a new $1 million ransom payment in digital currency to stop the leak.

There was no immediate comment from Telegram on the removal. Previously, controversial channels, such as one belonging to the Gaza-based Hamas terror group, were temporarily removed, likely due to mass reporting of the group by app users. However, the messaging service has previously denied that mass reporting can remove channels.

The hacking group said Sunday morning in a statement, released via the now-deleted channel, that it was “looking for money” and would not leak further information if the ransom was paid within 48 hours.

The group said the database of the Atraf website, a geolocated nightlife index and dating service, whose app and website are popular with the Israeli LGBT community, contained information on one million people.

“If we have $1 million in our [digital] wallet in the next 48 hours, we will not leak this information and we will not sell it to anyone. This is the best we can do,” the hacker group said, noting that it was in possession of users’ chat content, as well as event tickets and purchase information.

The hackers said no one from the Israeli government or Cyberserve, the Israeli internet hosting company they breached on Friday, contacted them and removed several of their sites, including Atraf.

The hackers said the lack of contact showed it was “obvious [the hack] it’s not a major problem for them.”

A person speaks on the phone during the annual Gay Pride Parade in Jerusalem on June 3, 2021 (Olivier Fitoussi / Flash90).

The names of some Atraf users and their locations have already been published online, as well as the HIV status that some users had included in their profiles.

The Israeli AIDS task force told the Walla news site in a statement that they were deeply concerned by the news.

“The idea that a person’s HIV status can be revealed not by their choice is of great concern to us,” the task force said.

“For many people, this is confidential information that, if exposed, could raise concerns and cause anxiety,” the organization said, and asked the public not to release further personal information revealed in the leak.

The data breach has also concerned those who have not publicly disclosed their sexual orientation or gender identification.

One person, named only as “A”, told Walla that it would “destroy” them if intimate information and photos leaked online.

“Since I found out about this trick, I can’t stop thinking about it. I have intimate photographs and sexual correspondence there, and it would destroy me if they ever came to my family,” they said. “I browse the site and buy party tickets from there too, as well as the haunting part of being [outed], there is also the question of my credit card and my identity data. It’s just terrifying.”

The hackers said the information leaked online so far represented only 1 percent of the data acquired in the breach.

Illustrative. Computer hacking, hackers, ransomware, and a cybersecurity attack. (solarseven; iStock from Getty Images)

The cyberattack also affected websites, including those of Israeli public transport companies Dan and Kavim, a children’s museum and an online public radio blog, the sites of which are still available to users at noon Sunday. The attack also targeted the tourism company Pegasus, and Doctor Ticket, a service that could have sensitive medical data, according to Hebrew media.

Black Shadow claimed responsibility for the attack and posted what it said was customer data, including the names, email addresses and phone numbers of Kavim’s customers, on the messaging app Telegram.

Hours later, the group said it had not been contacted by the authorities or by Cyberserve, so it released another trove of information, including what it said was data belonging to clients of the Dan transportation company and a travel agency.

Israeli media said that Black Shadow is a group of hackers linked to Iran who use cyberattacks for criminal purposes.

The group breached Israeli insurance firm Shirbit in December last year, stealing data. It demanded a $1 million ransom and began leaking information when the company refused to pay.

The new attack comes after an unprecedented and unclaimed cyber attack wreaked havoc on Iran’s gas distribution system this week, which Tehran officials have blamed on Israel and the United States.

Iran and Israel have been involved in a so-called “shadow war,” which includes several reported attacks on Israeli and Iranian ships that the two have attributed to each other, as well as cyberattacks.

In 2010, the Stuxnet virus, believed to have been engineered by Israel and its ally the United States, infected Iran’s nuclear program and caused a series of breakdowns in centrifuges used to enrich uranium.
