Black Shadow attacks Cyberserve
according to Israeli reporting, the hacker group Black Shadow announced that they had hacked into the servers of the Israeli internet company Cyberserve, turning off the servers and threatening to leak data. The Jerusalem post identifies the hacking group as Iranian and this does fit with what we know about the Black Shadow group of course assuming the same individuals are behind the attach and this is not the work of a copycat.
The statement made by the hacking group stated:
“hello again! we have news for you. You probably could not connect to many websites today. Cyberserve company & their customers hit by us. You may ask what about Data? As always, we have lots of it. If you don’t want your data leaked by us, contact us soon”.
who is Cyberserve?
Cyberserve is a web hosting company which provides servers and data storage for other companies across industries. The data taken by the hackers covers a wide variety of businesses from travel booking companies, bus companies and even a children’s museum.
Among other things Cyberserve is responsible for the development of “Atraf” an LGBTQ dating site that has been down since early Saturday and there are concerns the hackers may have sensitive information about the user of this service and their information being made public.
Is this a western media slant?
The servers the group hacked were probably targeted because they discovered a vulnerability and not because they had insider knowledge of what was stored on those specific servers. Dear readers, it is becoming increasingly visible to us that western news outlets are attempting to change the narrative of the hack to be viewed as targeted against this one company yo inflict maximum damage to this minority group when really, there were probably hundreds of impacted companies and the western media is picking this specific company to focus on as it depicts Iran in the most negative of ways.
Black Shadow Ties to Iran
The common talking points about who may be behind this hack has overwhelmingly been identified as Iranian cyber actors of some sort however the cybersecurity consultant for the affected companies has explained that it is unlikely that a group working for the Iranian regime would “waste energy” on records from random sites but would aim to cause significant damage to crucial infrastructure. It is interesting however that this attack came just three day after the Iranian fuel stations were hit by a cyber atack that crippled gas pumps across the nation.
at the time of writing the Black Shadow Telegram channels have been swiftly removed from the platform shortly after the announcement of the hack. So far the data has not been released from what our reporters can find and the ransom payment has not been completed.
read our previous reporting on Black Shadow here.