Gaby Portnoy, head of the Israel National Cyber Directorate (INCD), will expose the identities of hackers affiliated with the Iranian cyberattack group known as Black Shadow — operating on behalf of the Iranian Intelligence Ministry — as part of the Israeli technology conference Cybertech Global Tel Aviv.
The group has been reported on several times in Israel as responsible for a series of cyberattacks against Israeli companies and targets, and is also known by other aliases, including Agrius and Malek Team.
The group operates undercover in offices located in Tehran. At first glance, the hackers’ front, a technology company located in a bustling business district, looks like any typical high-tech company. However, the workers aren’t engaged in support services, computing, or IT, but rather in planned and systemic cyberattack operations against Israeli organizations.
According to information presented by Portnoy, a company established in 2013 that allegedly operates in the IT support and software development field serves as the hacker group’s front. The company's employees, both men and women, engage in launching cyberattacks on organizations in Israel on behalf of the Iranian Intelligence Ministry and operate under pseudonyms.
Their activities resemble those of several other state-sponsored hacker groups around the world. In Russia, China, or North Korea, it is common to conceal cyberattack activities against countries or enemies under the guise of commercial activity, often in the technology sector.
Against the backdrop of the war in Gaza, the hacker group attempted to attack a wide range of sectors in Israel, including organizations in academia, tourism, media, finance, transportation, health, government, and technology.
The scope of the group's activity increased during the war, alongside that of other hacker groups from Iran and other countries including Russia, Lebanon, Syria, Indonesia, Pakistan, and Bangladesh.
Despite efforts to cause damage, the group's recent ability to significantly impact Israel’s economy has been diminished. The group operates in cooperation with Iran-backed Hezbollah’s own cyberattack group, known as Lebanese Cedar.
The Black Shadow group has been very active in attacking Israel. It stood behind the attacks on Israeli company CyberServe three years ago and was responsible for publicly exposing the personal details of thousands of LGBT community members in Israel after stealing data from the Atraf dating service.
It also attacked Ziv Hospital in Safed twice last November, with the second attempt being successfully blocked by the Israel National Cyber Directorate.
The Black Shadow group was recently exposed in Iranian media on the Iran International website, which is associated with the country’s opposition factions. The exposure included the group’s location, names, and photos of the company’s employees.
It’s still unclear how much this exposure will aid in limiting the group’s activity, but the group is likely to be less involved in cyberattacks involving the Iranian regime. The exposure of the group's activities comes against the backdrop of the numerous threats made by Iranian factions against Israel following an attack in Syria attributed to Israel in which several Iranian officers were killed.
Foreign bodies associated with Iranian interests have threatened to harm Israel's economy via cyberattacks after the attack. So far, however, no successful attacks have been reported by the Israel National Cyber Directorate barring one against the Justice Ministry which is currently under investigation.