Security News

Website of Israel's largest oil refinery operator, BAZAN Group is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. The Haifa Bay-based BAZAN Group, formerly Oil Refineries Ltd., generates over $13.5 billion in annual revenue and employs more than 1,800 people.

Website of Israel's largest oil refinery operator, BAZAN Group is inaccessible from most parts of the world as threat actors claim to have hacked the Group's cyber systems. The Haifa Bay-based BAZAN Group, formerly Oil Refineries Ltd., generates over $13.5 billion in annual revenue and employs more than 1,800 people.

A threat group based in Israel is behind attacks in recent weeks, according to a report from email security firm Abnormal Security. Mike Britton, the chief information security officer at Abnormal, said that while it is not unexpected that sophisticated threat actors would emerge from a skilled, innovative technology ecosystem, Asia, Israel - in fact the Middle East, generally - are bases for BEC attackers.

An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a backdoor called PowerLess. The attack chain documented by Check Point begins with an ISO disk image file that makes use of Iraq-themed lures to drop a custom in-memory downloader that ultimately launches the PowerLess implant.

Experts say the attacks demonstrate the risk that fairly unsophisticated attacks pose even to well-defended enterprises and that other countries should take notice and prepare. Starting before the annual OpIsrael hacktivist assault on Israeli enterprises from April 6 to 9, Israel experienced recent attacks by Russian entities like Killnet and Anonymous Sudan, a cybersecurity bugbear for Israel this year.

It's also suspected that the company abused a zero-click exploit dubbed ENDOFDAYS in iOS 14 to deploy spyware as a zero-day in version 14.4 and 14.4.2. While QuaDream is not directly involved in targeting, it is known to sell its "Exploitation services and malware" to government customers, the tech giant assessed with high confidence.

The pro-Russia hacker group NoName057(16) reportedly claimed it was behind Denial of Service attacks against the Finnish parliament's website on Tuesday, the day the country joined NATO. The country's Technical Research Centre of Finland was also hacked, according to Finnish news site, YLE. NoName057(16) is the same group that took responsibility for a distributed denial of service attack, taking down the website for the country's parliament last August, and who also attacked Ukraine, the U.S., Poland and other European countries. In a new study, Unveiling the New Threat Landscape, NetScout said that the U.S. national security sector experienced a 16,815% increase in DDoS attacks in the second half of 2022, many related to Killnet.

A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities. The ransom note posted by DarkBit is littered with messaging protesting tech layoffs and promoting anti-Israel rhetoric, as well as the group demanding a $1.7 million payment.

A new ransomware group going by the name 'DarkBit' has hit Technion - Israel Institute of Technology, one of Israel's leading research universities. The ransom note posted by DarkBit is littered with messaging protesting tech layoffs and promoting anti-Israel rhetoric, as well as the group demanding a $1.7 million payment.

The social media conglomerate also took steps to disable accounts and block infrastructure operated by spyware vendors, including in China, Russia, Israel, the U.S. and India, that targeted individuals in about 200 countries. A second set of 250 accounts on Facebook and Instagram linked to another Israeli company called QuaDream was found "Engaged in a similar testing activity between their own fake accounts, targeting Android and iOS devices in what we assess to be an attempt to test capabilities to exfiltrate various types of data including messages, images, video and audio files, and geolocation."