- Israel’s Cybersecurity – There Was No Hack After a Senior Official Infected his Personal Computer with Malware - August 31, 2023
According to a security researcher who asked not to be identified, the INCD official’s stolen credentials surfaced in mid-June in an open Telegram group known for distributing archives of passwords, cryptocurrency wallet keys, and other private data harvested from machines infected with the RedLine password-stealing malware.
What is Known About the Breach
The cache, presented as a nondescript archive file holding the credentials of hundreds of victims, the senior INCD officer among them, was viewed by the researcher in a public Telegram thread. It comprised saved credentials, credit card details, and auto-filled passwords taken from the official’s home computer, including passwords for threat detection services and other internal Israeli government networks the official used.
A screenshot of the official’s personal computer, captured during the infection and included in the cache of stolen credentials, shows how the INCD official came to infect their home machine with RedLine. It shows a virtual machine running FlareVM, a Windows distribution that security analysts use for reverse engineering and malware analysis, with a RedLine sample on its desktop. Because the screenshot was taken from the machine that RedLine infected, the compromised system was the host running the analysis VM rather than the VM itself, which is exactly the isolation such a lab setup is meant to preserve.
RedLine is a well-known password-stealing malware family that was linked to last year’s Uber breach and to the theft of login information from Worldcoin Orb operators. The INCD is responsible for defending Israel’s cyberspace against attack. Asked about the incident, the INCD stated that the official “reported in keeping with our established security protocols,” but did not say when the report was made or how long after the infection it came.
“Following the event, the INCD launched a thorough investigation, which confirmed that there was no breach to our well-secured organizational network,” stated Libi Oz, an INCD representative. “The incident occurred on a private computer that was disconnected and isolated from the organization’s network, ensuring the necessary separation of personal and work-related digital spaces. Furthermore, no critical information was kept on it,” the representative noted.
According to the INCD, it “routinely implements a complex security structure in the corporate network that involves multi-factor authentication along with additional regulations to successfully avoid and reduce the possible impact of such incidents.”