מתקפת סייבר N3TW0RM
N3tw0rm attackS H&M Israel
N3tw0rm attackS H&M Israel

Iranian hackers said to launch cyberattack on H&M Israel

Hacker group N3tw0rm threatens to publish data stolen from clothing giant's servers if requirements not met in latest incident in host of ransomware attacks; experts estimate more such attacks ahead

Tal Shahaf |
Published: 05.02.21, 21:54
A hacker group affiliated with Iran announced Sunday morning it managed to steal 11 gigabytes of data from the servers of the Israeli branch of Swedish clothing giant H&M.
  • Follow Ynetnews on Facebook and Twitter

  • The breach comes less than a week after the hacker group, known as N3tw0rm, carried out a similar attack against Israeli logistics firm Veritas and claimed it had managed to extract no less than 9 GB of data from the company's servers.
    3 צפייה בגלריה
    מתקפת סייבר N3TW0RM
    מתקפת סייבר N3TW0RM
    N3tw0rm attackS H&M Israel
    In both incidents, N3tw0rm threatened to release the stolen data if their demands are not met within three days. The demands in both cases were not made public.
    Cybersecurity experts estimate that N3tw0rm is the same Iranian group that previously operated under the name Pay2Key and managed to hack a number of organizations and companies, including Israel Aerospace Industries, Intel and more.
    Following the recent attacks, the Israel National Cyber Security Directorate (INCD) issued an alert, coupled with information to help companies identify said cyberattacks and defend against them.
    3 צפייה בגלריה
    מתקפת סייבר N3TW0RM
    מתקפת סייבר N3TW0RM
    N3tw0rm leak site on the Darknet
    Rafael Franco, former deputy general director at INCD, says that the incident seems to be a prelude to Iran's Jerusalem Day and that further attacks are expected. "The peak is still ahead of us," he said.
    Lior Frenkel, CEO of Waterfall Security and chairman of the Manufacturers Association's CyberForum, added that these recent attacks are part of a sharp spike in the number of cyberattacks, mostly ransomware attacks targeting Israeli companies.
    In many cases, according to Frenkel, the attackers do not demand more than a few thousand dollars in ransom which companies usually pay up immediately. Due to the seemingly small scale of the attacks, Frenkel says that Iran might not be involved in the recent cybercrime surge hitting businesses in Israel.
    3 צפייה בגלריה
    מתקפת סייבר Pay2Key
    מתקפת סייבר Pay2Key
    Pay2Key's lead directory on the Darknet
    Director of INCD's Monitoring & Analysis Center Erez Tidhar also said it was too early to link the attacks to an Iranian group.
    "There have been several reports on various channels about companies being attacked by a ransomware virus. There are similar characteristics to a Pay2key attack but that does not mean these are the same attackers,” Tidhar said.
    “We issued a warning quickly and revealed the tools used by the attackers. This means that any company that implements our recommendations would avoid this virus. We provide assistance on a country level rather than on a personal level and work in cooperation with cybersecurity companies."
    Tidhar added that the lack of any specific demands might mean that the group’s intention is to cause economic harm to attacked companies or simply humiliate them.
    Talkbacks for this article 0