Attackers hacked into the phones of at least 20 executives of Israeli cryptocurrency companies, took over their Telegram, Gmail and Yahoo accounts and tried to obtain cryptocurrency. The local publication Haaretz reports this.
In early September, Pandora Security, a cybersecurity company, was contacted by one of the victims, who reported that his mobile phone had been hacked. The hackers gained access to his Telegram account and sent messages to the victim’s contacts on his behalf asking them to transfer cryptocurrency.
The day after the first call, messages from other victims began to arrive, said Tsahi Ganot, co-founder of Pandora Security.
They were all CEOs or deputy heads of cryptocurrency projects.
In some cases Telegram accounts were compromised, while in others it was email accounts.
In addition to working in the cryptocurrency industry, the victims were all customers of the Israeli service provider Partner.
It is likely that the hackers managed to intercept SMS messages with verification codes, said Ganot. In most cases, the attackers make duplicate SIM cards for this purpose, but this time they were able to intercept SMS messages sent directly by the operator, the publication says.
The investigation by Pandora Security revealed that the hackers had carried out so-called SMSC spoofing, which relies on roaming and on gaining access to a foreign cellular network.
Subsequently, the attackers probably sent a message from a foreign cellular network to an Israeli network, thus updating the customer’s location.
“For example: ‘The subscriber has just landed in Tbilisi and registered in our network. Please forward his SMS messages through this network,’” explained Ganot.
Once the victims were registered in the foreign network, they stopped receiving messages. In some cases they also lost their connection or their phones rebooted, Ganot said.
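An operator can test a roaming location update like the one described above for plausibility before rerouting SMS. The following Python code is an added example, not from Pandora Security, Partner or the original article; the record layout, subscriber labels, coordinates, timestamps and the 900 km/h threshold are all assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed

# Constructed sample location-update records (not real data):
# (subscriber placeholder, UTC time, serving network label, lat, lon)
SAMPLE_UPDATES = [
    ("sub-A", "2020-09-01T10:00:00", "home-IL", 32.08, 34.78),
    ("sub-B", "2020-09-01T08:00:00", "home-IL", 32.08, 34.78),
    ("sub-A", "2020-09-01T10:05:00", "foreign-GE", 41.72, 44.79),
    ("sub-B", "2020-09-01T12:00:00", "foreign-GE", 41.72, 44.79),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def implausible_updates(updates, max_kmh=MAX_KMH):
    """Return (subscriber, from_net, to_net, implied_kmh) for each network change
    that would require travelling faster than max_kmh."""
    last, flagged = {}, []
    for sub, ts, net, lat, lon in sorted(updates, key=lambda u: u[1]):
        when = datetime.fromisoformat(ts)
        if sub in last and last[sub][1] != net:
            p_when, p_net, p_lat, p_lon = last[sub]
            hours = (when - p_when).total_seconds() / 3600
            km = haversine_km(p_lat, p_lon, lat, lon)
            # Zero elapsed time with a real distance is the most suspicious case.
            kmh = km / hours if hours > 0 else float("inf")
            if km > 0 and kmh > max_kmh:
                flagged.append((sub, p_net, net, round(kmh)))
        last[sub] = (when, net, lat, lon)
    return flagged

if __name__ == "__main__":
    for hit in implausible_updates(SAMPLE_UPDATES):
        print("hold SMS rerouting pending verification:", hit)
```

Here sub-A appears to move from the home network to a foreign one in five minutes and is flagged, while sub-B's four-hour gap is consistent with a real flight and is not.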
Pandora Security contacted the operator, but it did not initially respond to the incident. Subsequently Ganot was able to contact the Director of Data Security at Partner.
He learned about the victims, but asked that each of them contact Partner themselves. The operator's representative also assured them that the incident was being dealt with, but after a few days the operator stopped communicating not only with Pandora Security but also with the victims, said Ganot.
In his opinion, only Partner’s customers were affected because the operator did not provide adequate protection.
At the same time, the hackers failed to achieve what they wanted – according to Ganot, no one transferred cryptocurrency to the attackers.
As a reminder, according to a study by F-Secure, the Lazarus hacker group has begun attacking job seekers in the blockchain and cryptocurrency field using the LinkedIn service.