The Israel National Cyber Directorate issued a warning Wednesday against an "active attack campaign" targeting job seekers in Israel. The main goals of the attackers are to steal personal information of users from the attacked websites and publish it, the directorate said in a statement.
As part of the campaign, SMS messages are distributed in which the user's first name appears and an invitation to view relevant available jobs on a website pretending to be the AllJobs website. Clicking on the link activates a code in user's browser that will try to activate the device's camera. The user is transferred to a dedicated page that includes his stolen personal information, and additional details of the equipment on which he activated the link (operating system, browser and geographic location).
The hackers, who identify themselves as Yooz E Cyber, posted videos in their Telegram group with photos of the campaign's victims, allegedly taken after they clicked on the malicious link. Each video includes the photos of about 15 people, along with their personal details - email, phone, city of residence, year of birth and in some cases also an ID card and details of their lives.
"I also took the picture of these poor people who are looking for work. From the pictures I took of them it appears that, even in the bathroom, on top of the toilet, I don't stop working," the group wrote. The information security company Check Point estimates that this is an Iranian hacker group, apparently an incarnation of the Moses Staff group, which is behind a series of cyberattacks against Israeli targets.
The hacker campaign apparently targets clients of the staffing company Neto Work, whose servers were hacked on Tuesday. The company wrote in a message to customers on Wednesday: "Starting yesterday, some of our customers have received phishing messages impersonating us. Please note that these are malicious messages. We recommend that you listen to the instructions of the National Cyber Directorate: do not click on suspicious links and enter websites only through an independent search on Google."
AllJobs stated that this is not an information leak or a data leak from the site, but rather an impersonation of a URL to AllJobs, as part of a campaign by hacker groups hostile to Israel that focus, among other things, on job search sites. It was also reported that the company works closely with the national cyber directorate." (Full disclosure: AllJobs is a subsidiary of the "Yediot Ahronoth" group).