Iranian hackers target Israeli defence firm in bid for ransom

David Rose
Israeli cyber-security firm Checkpoint Systems said it had traced the hacks back to a Bitcoin exchange based in Tehran - PA

A new Iranian computer-hacking group has been targeting defence companies in Israel in an attempt to expose weaknesses and obtain ransoms, it has emerged.

The group, known as "Pay2Key", boasted of carrying out dozens of cyber-attacks on high-profile targets since last month, including two in the last week.

The latest attack on Thursday targeted Portnox, an Israeli cyber-security firm, whose clients include electronics company Elbit Systems, which produces defence systems for military aircraft, vehicles and drones.

On Sunday, the same hackers said that they had successfully compromised a range of Israeli defence industry companies, including Israel Aerospace Industries.

Analysts say that Pay2Key operates by using “ransomware” attacks to steal data, and threatening to leak it if the targets do not cooperate or pay up to £100,000 in Bitcoin, the electronic currency.

Checkpoint Systems, an Israeli cyber-security firm, said it had traced some of the transactions back to a Bitcoin exchange based in Iran, but it was not clear if the Iranian government was behind the attacks. 

Iranian hackers have previously been blamed for "state-level" cyber-attacks against Israel and American banks and, in 2017, on British parliamentary email accounts, including those of cabinet ministers.

Among 3 gigabytes of data released after the latest hack was a 15-page report that highlights security weaknesses in Elbit Systems. However, the report only goes as far as the year 2018, which may mean that most of the exposed weaknesses are no longer relevant.

"Over a terabyte of documents, projects, coding files and others were extracted from the company's servers," the group wrote on their website on the “dark web”, an unregulated part of the internet.

Portnox said that they were investigating after "reports indicated a hack into the company's internal servers by a hacking group that identifies itself as Pay2Key. 

"The company has launched a comprehensive investigation in order to gain a full picture of the incident," it said in a statement.