
Cyberwarfare

Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks

A group of claimed Palestinian state cyber warriors has hit over 100 Israeli organizations with wipers and data theft.

Over the past several months, a hacking group named Cyber Toufan has hit over 100 public and private organizations in Israel, as part of an aggressive campaign fueled by the intensifying geopolitical tensions in the region.

Bearing the hallmarks of a sophisticated threat actor and claiming to be formed of Palestinian state cyber warriors, Cyber Toufan rose to fame fast, executing complex cyberattacks against high-profile Israeli entities.

The group’s tactics suggest that Cyber Toufan is likely sponsored by a government, with evidence pointing to potential Iranian involvement, Check Point reported in early December.

“The group has demonstrated superior capabilities compared to other pro-Palestinian linked Hamas hacking groups. Their activities, which focus on breaching servers, databases, and leaking information, strongly suggest support from a nation-state, with indications pointing towards Iran as the likely supporter,” the International Institute for Counter-Terrorism (ICT) noted in late November.

Security researchers have tracked over 100 intrusions associated with Cyber Toufan’s operations, characterized by the exfiltration of large amounts of data, including personal information, and its release on the web.

“Their attacks have not only led to substantial data leaks but have also served as a form of digital retaliation, aligning with broader strategic objectives in the region,” threat intelligence firm SOC Radar wrote in a report two weeks ago.

To date, security researcher Kevin Beaumont says, the group has leaked on its Telegram channel the data of 59 organizations. However, it likely compromised 40 more in an attack targeting a managed service provider (MSP).

“Data they have published includes a complete server disk image, SSL certificates with private keys to a host of domains (which still haven’t been revoked and are still in use), SQL and CRM dumps. Even WordPress backups, as apparently people build CRMs on WordPress nowadays,” Beaumont says.


Cyber Toufan’s victims include the Israeli National Archive, Israel Innovation Authority, Homecenter Israel, Israel Nature and Parks, The Academic College of Tel Aviv, Israel Ministry of Health, Ministry of Welfare and Social Security, Israel Securities Authority, Allot, MAX Security & Intelligence, Radware, and Toyota Israel.

Some of the victims, Beaumont says, have not been able to recover from the cyberattacks and have been offline for several weeks, likely because the attackers target Linux systems with a wiper.

According to the researcher, Cyber Toufan uses shred, a legitimate Linux utility, to “delete files in an unrecoverable fashion”. The group runs shred from its own shell script, so that the wiping continues even if an administrator kills the process.
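Because shred is a stock utility, the defensive signal is not the binary itself but how it is used: repeated executions in quick succession, launched from one parent, against data directories rather than scratch space. The following detector is an added example written for this article, not code from the article, from Beaumont, or from any vendor report. It parses auditd-style SYSCALL/EXECVE records (the field names follow auditd, but every log line, pid, path and timestamp below is constructed), and the scratch-directory list, burst window and burst count are assumptions to be tuned per environment.

```python
"""Flag suspicious use of the coreutils `shred` utility in auditd execve records.

Added example for illustration. Sample log lines are constructed, not real telemetry;
field layout follows auditd's SYSCALL (ppid/pid/uid/comm/exe) and EXECVE (argv) records.
"""
import os
import re
from collections import defaultdict

# Constructed sample: one benign shred of a temp file by a normal user, then a burst
# of three shred runs as root from one parent process (a shell script, ppid 2200)
# against application data, followed by an unrelated `ls`.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1701950000.101:2001): syscall=59 success=yes exit=0 ppid=1402 pid=1410 auid=1000 uid=1000 comm="shred" exe="/usr/bin/shred" key="exec"
type=EXECVE msg=audit(1701950000.101:2001): argc=3 a0="shred" a1="-u" a2="/tmp/scratch.bin"
type=SYSCALL msg=audit(1701950060.000:2010): syscall=59 success=yes exit=0 ppid=2200 pid=2201 auid=0 uid=0 comm="shred" exe="/usr/bin/shred" key="exec"
type=EXECVE msg=audit(1701950060.000:2010): argc=4 a0="/usr/bin/shred" a1="-z" a2="-u" a3="/var/lib/app/db/customers.sqlite"
type=SYSCALL msg=audit(1701950060.020:2011): syscall=59 success=yes exit=0 ppid=2200 pid=2203 auid=0 uid=0 comm="shred" exe="/usr/bin/shred" key="exec"
type=EXECVE msg=audit(1701950060.020:2011): argc=4 a0="/usr/bin/shred" a1="-z" a2="-u" a3="/var/lib/app/db/orders.sqlite"
type=SYSCALL msg=audit(1701950060.040:2012): syscall=59 success=yes exit=0 ppid=2200 pid=2205 auid=0 uid=0 comm="shred" exe="/usr/bin/shred" key="exec"
type=EXECVE msg=audit(1701950060.040:2012): argc=4 a0="/usr/bin/shred" a1="-z" a2="-u" a3="/srv/www/wp-content/uploads/backup.tar"
type=SYSCALL msg=audit(1701950061.000:2013): syscall=59 success=yes exit=0 ppid=1402 pid=2300 auid=1000 uid=1000 comm="ls" exe="/usr/bin/ls" key="exec"
type=EXECVE msg=audit(1701950061.000:2013): argc=2 a0="ls" a1="-la"
"""

_HEADER = re.compile(r'^type=(?P<type>\w+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): (?P<rest>.*)$')
_KV = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Assumed "scratch" locations where occasional shred use is unremarkable.
SCRATCH_DIRS = ('/tmp/', '/var/tmp/', '/dev/shm/')
# shred options that consume the following argument (so it is not a target path).
OPTS_WITH_VALUE = {'-n', '-s', '--iterations', '--size', '--random-source'}


def parse_events(log_text):
    """Join SYSCALL and EXECVE records that share an audit serial into one event dict."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = _HEADER.match(line.strip())
        if not m:
            continue
        ev = events[int(m.group('serial'))]
        ev['ts'] = float(m.group('ts'))
        fields = {k: v.strip('"') for k, v in _KV.findall(m.group('rest'))}
        if m.group('type') == 'EXECVE':
            argc = int(fields.get('argc', 0))
            ev['argv'] = [fields.get(f'a{i}', '') for i in range(argc)]
        elif m.group('type') == 'SYSCALL':
            for k in ('ppid', 'pid', 'uid', 'auid', 'comm', 'exe'):
                if k in fields:
                    ev[k] = fields[k]
    return [events[s] for s in sorted(events)]


def is_shred(ev):
    argv = ev.get('argv') or []
    return bool(argv) and os.path.basename(argv[0]) == 'shred'


def shred_targets(argv):
    """Return the file operands of a shred command line, skipping option values."""
    targets, skip = [], False
    for a in argv[1:]:
        if skip:
            skip = False
            continue
        if a in OPTS_WITH_VALUE:
            skip = True
        elif not a.startswith('-'):
            targets.append(a)
    return targets


def removes_file(argv):
    """True when shred is asked to unlink after overwriting (-u, bundled -zu, --remove)."""
    return any(
        a == '--remove' or a.startswith('--remove=')
        or (a.startswith('-') and not a.startswith('--') and 'u' in a[1:])
        for a in argv[1:]
    )


def detect(log_text, burst_window=5.0, burst_count=3):
    """One alert per shred run touching non-scratch paths, plus a burst alert per parent
    that launches burst_count or more shred runs within burst_window seconds."""
    alerts, by_parent = [], defaultdict(list)
    for ev in parse_events(log_text):
        if not is_shred(ev):
            continue
        by_parent[ev.get('ppid')].append(ev['ts'])
        risky = [t for t in shred_targets(ev['argv']) if not t.startswith(SCRATCH_DIRS)]
        if risky:
            alerts.append({'kind': 'shred_outside_scratch', 'pid': ev.get('pid'),
                           'ppid': ev.get('ppid'), 'uid': ev.get('uid'),
                           'unlink': removes_file(ev['argv']), 'targets': risky})
    for ppid, stamps in by_parent.items():
        stamps.sort()
        for i in range(len(stamps) - burst_count + 1):
            if stamps[i + burst_count - 1] - stamps[i] <= burst_window:
                alerts.append({'kind': 'shred_burst', 'ppid': ppid, 'count': len(stamps),
                               'span_seconds': round(stamps[-1] - stamps[0], 3)})
                break
    return alerts


if __name__ == '__main__':
    for alert in detect(SAMPLE_AUDIT_LOG):
        print(alert)
```

Run against the constructed sample, the benign `/tmp` shred produces nothing, while the three root-owned runs from parent 2200 each raise a `shred_outside_scratch` alert (with `unlink` true) and together trigger one `shred_burst` alert. In a real deployment the EXECVE records come from an auditd rule on the execve syscall, and the burst rule is the part worth keeping even if the path allowlist is loosened, since legitimate administrative use of shred is rarely scripted across many files in seconds.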

The group was also seen emailing the victim organizations’ clients, to spread propaganda, and appears to be coordinating with other hacking groups in larger collective operations.

Related: Spyware Caught Masquerading as Israeli Rocket Alert Applications

Related: Hackers Join In on Israel-Hamas War With Disruptive Cyberattacks

Related: Irrigation Systems in Israel Disrupted by Hacker Attacks on ICS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
