Have the hackers who attacked the software company Amital and Intel’s artificial intelligence (AI) chip company in the past week been exposed? A report by the Israeli cyber company ClearSky confirms recent reports that Iranians are behind the actor that publicly claimed responsibility for these two attacks: the Pay2Kitten attack group.
In the last two weeks, there have been three cyber attacks in Israel with an unprecedented media profile. It began with a break-in at the insurance company Shirbit by the attack group BlackShadow, moved on to a thwarted attack against the software company Amital, a break-in that also affected dozens of its customers, and continued with an attack against Intel’s AI chip company Habana.
In the latter case, the attack group Pay2Kitten published on its Twitter account documents that were allegedly stolen from Habana. The documents allegedly concerned the development of the “Goya” AI chip.
ClearSky’s report points to a link between Pay2Kitten and the Iranian attack group FoxKitten, which it defines as “one of the most active attack groups against companies and organizations in Israel.”
The report explains that “Iranian attack groups are referred to in the cyber world as ‘kittens’.” The purpose of the campaign, according to the report, is not only information theft but also disruption, extortion, theft of money and possibly an Iranian awareness campaign intended to harm Israel. According to the report, “The name chosen by the attackers for the campaign, ‘Pay2kitten’, indicates the fact that the blackmailed companies are transferring funds directly to an Iranian attack group.”
The report also shows that the three recently published cases were just the tip of the iceberg of an extensive campaign by the Iranians against entities in the Israeli economy. According to ClearSky, not only has the Iranian attack group acted in recent months against dozens of Israeli companies, but this activity follows on from the group’s campaign against Israeli security companies about a year ago.
“Our surveillance of the FoxKitten group lasted for over a year and a half, when most of its activity was initially against companies in the defense sector, and during the year the group began to attack many other sectors,” ClearSky said. The company explained that “according to the analysis of the recent attacks, the group took advantage of weaknesses on the websites of Israeli companies in order to infiltrate their computer systems.”
ClearSky further notes that this is an unusual attack campaign, “because until recently the Iranians attacked mainly for espionage and intelligence purposes, but since August they have also been working with the aim of deleting and disrupting computer systems and stealing and blackmailing companies.”
The report further noted that “the group’s course of action is different from criminals who specialize in ransomware attacks. In some cases, despite paying ransom, the extorted companies did not receive the keys to open the encryption. In our opinion, FoxKitten’s main goal is to cause embarrassment, confusion and damage to Israeli companies.
“As part of the attack, the group conducted an initial intelligence gathering of the companies it attacked, including checking for vulnerabilities on the company’s sites or exploiting leaked permissions, and so the attackers infiltrated Israeli companies’ computer systems and blackmailed the companies they had infiltrated.”