Hacker group leaks data, photos from Defense Ministry, Benny Gantz

A hacker group leaked data from the Defense Ministry, warning "we've kept an eye on you for many years."

Projection of cyber code on hooded man (illustrative) (photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION TPX IMAGES OF THE DAY)

A hacker group called Moses Staff claimed this week that it has successfully conducted a cyberattack on the Israeli Defense Ministry, releasing files and photos it claims it obtained from the ministry's servers.

Moses Staff's website claims that the group has hacked over 165 servers and 254 websites and compiled over 11 terabytes of data, with targets including Israel Post, the Defense Ministry, files related to Defense Minister Benny Gantz, the Electron Csillag company and Epsilor company.

"We've kept an eye on you for many years, at every moment and on each step," wrote the group in the announcement of the attack on their Telegram channel on Sunday. "All your decisions and statements have been under our surveillance. Eventually, we will strike you while you never would have imagined."

Moses Staff claimed in the announcement to have access to confidential documents, including reports, operational maps, information about soldiers and units, and letters and correspondence. "We are going to publish this information to aware [sic] all the world about the Israeli authorities’ crimes," warned the group.

The files leaked included photos of Gantz and IDF soldiers and a 2010 letter from Gantz to the deputy chief of the joint chiefs of staff and chief of intelligence in the Jordanian Armed Forces. The leaked files also included Excel files allegedly containing the names, ID numbers, emails, addresses, phone numbers and even socioeconomic status of soldiers, mechina pre-military students and individuals connected to the Defense Ministry.

 IDF soldiers compete in a multinational Capture the Flag cyber drill (credit: IDF SPOKESPERSON'S UNIT)

The group stated on its website that it is targeting the same people who "didn't tolerate" the legitimacy of Moses, seemingly the reason for the name Moses Staff.

The group's description states that it will not forget "the soldiers whose blood is shed due to wrong policies and fruitless wars, the mothers mourning for their children, and all the cruelty and injustice were [were] done to the people of this nation." The group did not clarify in its description which soldiers it was referring to.

It is as of yet unclear if the group is acting independently or is backed by a state.

Moses Staff leaked identifying information, addresses and information about packages from an attack it says it conducted on the Israel Post. The group also leaked pictures of identity cards from a number of companies it claims it attacked.

The group's website also has a contact form for those interested in joining the group.

THE NATIONAL Cyber Directorate stated in response to the leaks that it has repeatedly warned that hackers are exploiting a vulnerability in the Exchange email service in order to attack organizations, according to Ynet.

"The directorate once again calls on organizations to implement in their systems the latest critical updates that Microsoft has released for this vulnerability – a simple and free update that can reduce the chance of this attack," the directorate said.

"Over the past few years we have heard a great deal about exposure of soldiers' details and military information at various levels of classification as a result of information security failures on various websites and applications," said cybersecurity consultant Einat Meyron on Wednesday, adding that while most of the exposures were seemingly innocent, this incident shows that there are anonymous hacker groups systematically collecting such information.

Meyron stressed that attackers aiming to impact the image of Israel, a country that sees itself as a defense and cybersecurity power, are patient and don't reveal all their cards at once. The cybersecurity consultant urged companies to take information security seriously, adding that many companies can often protect themselves with tools they already have as long as they have a correct understanding of the risks and their consequences.

The attack is the latest in a long series of cyberattacks on Israel in recent years.

Earlier this month, the Hillel Yaffe Medical Center in Hadera was targeted by a ransomware attack that affected its computer systems.

Cybereason also revealed earlier this month that MalKamak, an Iranian state-supported hacker group, was running a highly targeted cyber-espionage operation against global aerospace and telecommunications companies, stealing sensitive information from targets around Israel and the Middle East, as well as in the United States, Russia and Europe. The threat posed by MalKamak is still active.

Last month, a hacker group called Deus leaked data it claims it obtained in a cyberattack on the Israeli call center service company Voicenter. The data is said to come from the company's customers, including 10bis, CMTrading, Mobileye, eToro, Gett and MyHeritage. The data leaked so far include security camera and webcam footage, ID cards, photos, WhatsApp messages and emails, as well as recordings of phone calls.

A series of cyberattacks has plagued Israeli businesses and institutions in the past two years, including Israel Aerospace Industries, the Shirbit insurance company and the Amital software company.

The National Cyber Directorate reported that it handled more than 11,000 inquiries on its 119 hotline in 2020, some 30% more than it handled in 2019. The directorate made about 5,000 requests to entities to handle vulnerabilities exposing them to attacks and was in contact with about 1,400 entities concerning attempted or successful attacks.