Israeli logistics company websites hit by Iranian hackers

Israeli information security company ClearSky informed that several Israeli logistics and delivery websites were hacked in order to collect information about their users.

ClearSky experts attributed the attacks to an Iranian group “with a low degree of certainty” Tortoise shell (TA456, Imperial Kitten), which has been active since July 2018.

The campaign targeted at least 8 Israeli websites, including trucking company SNY Cargo, logistics firm Depolog and restaurant equipment supplier SZM. The sites were compromised using a so-called watering hole attack (Water hole). At the moment, the malicious code has already been removed from infected sites.

A watering hole attack involves hackers compromising a website that is frequently visited by targeted victims. Once hacked, attackers inject malicious code into the site, which is activated when users visit the site.

In a recent attack, hackers used malware JavaScript. The information collected includes:

• user IP address;
• screen resolution;
• URL of the last visited page.

The hackers also tried to determine the language settings of the user’s computer in order to tailor their attacks in the future.

Most of the compromised sites used the uPress hosting service, which was attacked in 2020 by the Iranian group Emennet Pasargad. As a result, thousands of Israeli sites were disabled.

Israel and Iran often clash in cyberspace due to political tensions between the two countries. Some of the Iranian attacks are aimed at stealing user data or destroying systems, while others are aimed at spreading misinformation.