Hackers leaked on Saturday a series of files containing thousands of samples of personal information that was purportedly stolen from the servers of a prominent college chain several weeks ago.
The hacker group Sharp Boys claims to possess identification documents with headshots, academic certificates and credentials, addresses and personal information, military documents, and other personal documents that students have submitted to the Atid college chain over the years. The hackers added that the database contains data of approximately 500,000 students.
The hackers boasted about taking down the college's entire website, except for the main domain, so interested parties could verify the credibility of the data they offer for sale. Additionally, they uploaded the code of the college's website to the internet, presumably to prove their claims and credibility.
This is not the first time Sharp Boys have targeted Israeli firms. According to information provided by Persist Security, they have been involved in numerous attacks on Israeli websites.
The group began its attacks on Israeli websites in 2021. In that same year, they breached the website of outdoor gear store chain Lametayel and the Tiyuli travel website. The group claimed to possess a 500-gigabyte database containing data of approximately three million users, including emails, passwords, phone numbers, and more. They published some of the data.
About two weeks later, the hackers announced a breach of bus.co.il and its CRM data. According to the group, they hold over four million records, including names, dates of birth, addresses, phone numbers, and various files. They published some of the data. Following the breach, experts raised the question of whether it was a genuine breach or a leak from a previously compromised database.
In the summer of 2022, the group claimed to have breached a long list of websites, most of which were small, and stole credit card data and details from them. In July of that year, the group published a list of an additional 48 websites that they claimed to have breached. Unlike their usual practice, the hackers did not upload any data online this time.
Last month, almost a year after the previous incident, the group announced a breach of college networks. Among the files recently published by the Sharp Boys: approximately 900 scanned copies of identification documents and certificates, and an Excel file with over 200,000 records, including full names, emails, residential addresses, and other data. Additionally, the hackers published a file containing 68 different documents related to the IDF (engineering certificates, grades, and more).
In response to a Ynet request for comment, the Atid Group stated: "As reported two months ago, the Atid Group dealt with a malicious cyberattack orchestrated by Iranian hackers who sought to continue and carry out strategic strikes against leading academic and educational institutions in Israel.
The isolated attack was thwarted, but there are old materials, most of which have leaked. The National Cyber Directorate closely monitors and accompanies the management of the event, and its personnel are working to combat the repeated attempts by the Iranians to re-release the same materials."
Despite the accusations leveled against Iran, Persist is not confident that the hackers originate from the Islamic Republic. In fact, one of the senior researchers in the company firmly asserts that the group is not Iranian.
However, it is challenging to attribute this group, or any other, to a specific source. For instance, in the past month, the Anonymous Sudan group targeted numerous Israeli websites. Until the conclusion of Operation Shield and Arrow, this group was initially identified as either a Russian group or one with affiliations to Russia, despite their claims of advocating for the Palestinians. Their activities indicated a desire to "punish" Israel for its support of Ukraine during the conflict with Russia.