Israel’s Cybersecurity – There Was No Hack After a Senior Official Infected his Personal Computer with Malware

By Esme Greene

Aug 31, 2023

According to a security researcher who declined to be identified, the INCD official’s stolen credentials were discovered in mid-June in an open Telegram group known for distributing archives of passwords, crypto wallet keys, and other private information stolen from machines infected with the RedLine password-stealing malware.

What is Known About the Breach

The cache, presented as a nondescript archive file holding the credentials of hundreds of victims, including the senior INCD official, was viewed by the researcher in a public Telegram thread. It comprised saved credentials, credit card details, and auto-filled passwords taken from the official’s home computer, including passwords for threat detection services and other internal Israeli government networks used by the senior official.

A screenshot of the official’s personal computer, captured by the malware and included in the cache of stolen credentials, shows how the INCD official inadvertently infected their home machine with RedLine. The screenshot notably shows a virtual machine running FlareVM, a specialized environment used by security experts for reverse-engineering and studying malware, with a sample of RedLine on its desktop.

RedLine is a well-known password-stealing malware that was linked to last year’s Uber hack and to the theft of login information from Worldcoin Orb operators. The INCD is in charge of protecting Israel’s cyberspace from cyberattacks. When questioned about the event, INCD stated that the agency official “reported in keeping with our established security protocols,” but did not specify when the incident was reported or how long after it occurred.

“Following the event, the INCD launched a thorough investigation, which confirmed that there was no breach to our well-secured organizational network,” stated Libi Oz, an INCD representative. “The incident occurred on a private computer that was disconnected and isolated from the organization’s network, ensuring the necessary separation of personal and work-related digital spaces. Furthermore, no critical information was kept on it,” the representative noted.

According to INCD, it “routinely implements a complex security structure in the corporate network that involves multi-factor authentication along with additional regulations to successfully avoid and reduce the possible impact of such incidents.”

Esme Greene

Esme brings a wealth of knowledge and experience to our website, specializing in all aspects of DarkWeb security. With a deep understanding of the intricate workings of the DarkWeb and its associated cybersecurity risks, Esme curates insightful and informative content for our readers.