A hacker group affiliated with Iran announced Sunday morning it managed to steal 11 gigabytes of data from the servers of the Israeli branch of Swedish clothing giant H&M.
The breach comes less than a week after the hacker group, known as N3tw0rm, carried out a similar attack against Israeli logistics firm Veritas and claimed it had managed to extract no less than 9 GB of data from the company's servers.
In both incidents, N3tw0rm threatened to release the stolen data if their demands are not met within three days. The demands in both cases were not made public.
Cybersecurity experts estimate that N3tw0rm is the same Iranian group that previously operated under the name Pay2Key and managed to hack a number of organizations and companies, including Israel Aerospace Industries, Intel and more.
Following the recent attacks, the Israel National Cyber Security Directorate (INCD) issued an alert, coupled with information to help companies identify said cyberattacks and defend against them.
Rafael Franco, former deputy general director at INCD, says that the incident seems to be a prelude to Iran's Jerusalem Day and that further attacks are expected. "The peak is still ahead of us," he said.
Lior Frenkel, CEO of Waterfall Security and chairman of the Manufacturers Association's CyberForum, added that these recent attacks are part of a sharp spike in the number of cyberattacks, mostly ransomware attacks targeting Israeli companies.
In many cases, according to Frenkel, the attackers do not demand more than a few thousand dollars in ransom which companies usually pay up immediately. Due to the seemingly small scale of the attacks, Frenkel says that Iran might not be involved in the recent cybercrime surge hitting businesses in Israel.
Director of INCD's Monitoring & Analysis Center Erez Tidhar also said it was too early to link the attacks to an Iranian group.
"There have been several reports on various channels about companies being attacked by a ransomware virus. There are similar characteristics to a Pay2key attack but that does not mean these are the same attackers,” Tidhar said.
“We issued a warning quickly and revealed the tools used by the attackers. This means that any company that implements our recommendations would avoid this virus. We provide assistance on a country level rather than on a personal level and work in cooperation with cybersecurity companies."
Tidhar added that the lack of any specific demands might mean that the group’s intention is to cause economic harm to attacked companies or simply humiliate them.