Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.
Latest posts by Esme Greene (see all)
- Ukraine Police Bust Fraud Scheme - October 15, 2023
- Saudi Man Sentenced for X & YouTube - October 15, 2023
- Pro-Russia Hackers Leak Military Data - October 15, 2023
According to a security researcher who declined to be identified, the INCD official’s stolen credentials were discovered in mid-June in an open Telegram group renowned for distributing archives of passwords, crypto wallet keys, and other private information stolen from machines contaminated with the RedLine password stealing malware.
What is Known About the Breach
The cache, which was presented as a nondescript archive file holding the credentials of hundreds of victims, including the top INCD officer, was viewed by the researchers in a public Telegram thread. The cache comprised saved credentials, credit card details, and auto-filled passwords from the official’s home computer, including passwords for threat detection services and other internal Israeli government networks used by the senior official.
An image of the official’s personal computer obtained during the hack and included in the cache of stolen credentials shows the INCD official inadvertently infecting their home machine with the RedLine malware. The photo notably shows a virtual machine running FlareVM, a specialized software used by security experts for reverse-engineering and studying malware, with a sample of RedLine on its desktop.
RedLine is a well-known password-stealing malware that was linked to last year’s Uber hack and the loss of login information from Worldcoin Orb operators. The INCD is in charge of protecting Israel’s cyberspace from cyberattacks. When questioned about the event, INCD stated that the agency official “reported in keeping with our established security protocols,” but did not specify when or how long after the incident was reported.
“Following the event, the INCD launched a thorough investigation, which confirmed that there was no breach to our well-secured organizational network,” stated Libi Oz, an INCD representative. “The incident occurred on a private computer that was disconnected and isolated from the organization’s network, ensuring the necessary separation of personal and work-related digital spaces.” Furthermore, no critical information was kept on it,” the representative noted.
According to INCD, it “routinely implements a complex security structure in the corporate network that involves multi-factor authentication along with additional regulations to successfully avoid and reduce the possible impact of such incidents.”