Iranian Cybergang Attacks Dozens of High-Profile Israeli Firms


An Iranian cybergang called “Cyber Toufan” has leaked data from 49 Israeli firms, according to threat intelligence platform FalconFeedsio. The cybergang itself claimed responsibility for breaching high-profile organizations since November of 2023.

According to Cybernews, in recent weeks a massive data breach and subsequent data leaks affected 49 Israeli companies, including the Israel Innovation Authority, Toyota Israel, the Ministry of Welfare and Social Security, Ikea Israel, cybersecurity and geo-intelligence company Max Security, and others.

FalconFeedsio’s report claims that these companies were not breached individually, but rather the cybergang targeted the hosting company “Signature-IT” and allegedly stole data belonging to 40 Israeli firms.

It is possible that Cyber Toufan is state-sponsored, as hypothesized by cybersecurity company SOCRadar, which claims that the group’s rapid rise and effective execution of complex cyberattacks suggest a level of support and resources not typically available to independent hacker collectives. Cybersecurity experts hypothesized the Iranian connection given the group’s style, targets, and the geopolitical narrative underpinning its attacks.

Cyber Toufan has been leaking large databases taken from the websites on a daily basis, including big SQL files with data of millions of users (emails, phone numbers, names, and business interactions).

Overall, cyberattacks targeting Israel have risen by 18% since October 7th, according to Check Point researchers. Furthermore, it seems that cybergangs like Cyber Toufan are adopting a narrative of retaliation: “By opportunistically targeting US entities using Israeli technology, these hacktivist proxies try to achieve a dual retaliation strategy – claiming to target both Israel and the US in a single, orchestrated cyber assault.”

There has been a recent escalation in cyber affairs between Israel and Iran, with the Israel-linked group Predatory Sparrow taking responsibility for a crippling blow to Iranian gas station infrastructure that left 70% of gas stations inoperable.