{
	"id": "8c3b1d46-23a8-4313-a71f-9b88def7af59",
	"created_at": "2026-04-06T00:21:36.0987Z",
	"updated_at": "2026-04-10T03:32:13.305044Z",
	"deleted_at": null,
	"sha1_hash": "20a442fc9e21bc3bd08e040ad81d4fd2994a44de",
	"title": "Palestinian Hackers Hit 100 Israeli Organizations in Destructive Attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 269379,
	"plain_text": "Palestinian Hackers Hit 100 Israeli Organizations in Destructive\r\nAttacks\r\nBy Ionut Arghire\r\nPublished: 2024-01-03 · Archived: 2026-04-02 11:38:01 UTC\r\nOver the past several months, a hacking group named Cyber Toufan has hit over 100 public and private\r\norganizations in Israel, as part of an aggressive campaign fueled by the intensifying geopolitical tensions in\r\nthe region.\r\nBearing the hallmarks of a sophisticated threat actor and claiming to be formed of Palestinian state cyber warriors,\r\nCyber Toufan rose to fame fast, executing complex cyberattacks against high-profile Israeli entities.\r\nThe group’s tactics suggest that Cyber Toufan is likely sponsored by a government, with evidence pointing to\r\npotential Iranian involvement, Check Point reported in early December.\r\n“The group has demonstrated superior capabilities compared to other pro-Palestinian linked Hamas hacking\r\ngroups. Their activities, which focus on breaching servers, databases, and leaking information, strongly suggest\r\nsupport from a nation-state, with indications pointing towards Iran as the likely supporter,” the International\r\nInstitute for Counter-Terrorism (ICT) was noting in late November.\r\nSecurity researchers have tracked over 100 intrusions associated with Cyber Toufan’s operations, characterized by\r\nthe exfiltration of large amounts of data, including personal information, and its release on the web.\r\n“Their attacks have not only led to substantial data leaks but have also served as a form of digital retaliation,\r\naligning with broader strategic objectives in the region,” threat intelligence firm SOC Radar wrote in a report two\r\nweeks ago.\r\nAdvertisement. Scroll to continue reading.\r\nhttps://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/\r\nPage 1 of 2\n\nTo date, security researcher Kevin Beaumont says, the group has leaked on its Telegram channel the data of 59\r\norganizations. 
However, it likely compromised 40 more in an attack targeting a managed service provider (MSP).\r\n“Data they have published includes a complete server disk image, SSL certificates with private keys to a host of\r\ndomains (which still haven’t been revoked and are still in use), SQL and CRM dumps. Even WordPress backups,\r\nas apparently people build CRMs on WordPress nowadays,” Beaumont says.\r\nCyber Toufan’s victims include the Israeli National Archive, Israel Innovation Authority, Homecenter Israel, Israel\r\nNature and Parks, The Academic College of Tel Aviv, Israel Ministry of Health, Ministry of Welfare and Social\r\nSecurity, Israel Securities Authority, Allot, MAX Security \u0026 Intelligence, Radware, and Toyota Israel.\r\nSome of the victims, Beaumont says, have not been able to recover from the cyberattacks and have been offline\r\nfor several weeks, likely because the attackers target Linux systems with a wiper.\r\nAccording to the researcher, Cyber Toufan uses Shred, a legitimate tool, to “delete files in an unrecoverable\r\nfashion”. For that, the group runs Shred using their own shell script, to ensure that the tool continues to run even if\r\nthe process is killed by an administrator.\r\nThe group was also seen emailing the victim organizations’ clients, to spread propaganda, and appears to be\r\ncoordinating with other hacking groups in larger collective operations.\r\nSource: https://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.securityweek.com/palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks/"
	],
	"report_names": [
		"palestinian-hackers-hit-100-israeli-organizations-in-destructive-attacks"
	],
	"threat_actors": [
		{
			"id": "2d52f649-28b3-4ae9-9ef9-49d1bc85cf7a",
			"created_at": "2024-01-09T02:00:04.211752Z",
			"updated_at": "2026-04-10T02:00:03.514428Z",
			"deleted_at": null,
			"main_name": "Cyber Toufan",
			"aliases": [],
			"source_name": "MISPGALAXY:Cyber Toufan",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434896,
	"ts_updated_at": 1775791933,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/20a442fc9e21bc3bd08e040ad81d4fd2994a44de.pdf",
		"text": "https://archive.orkl.eu/20a442fc9e21bc3bd08e040ad81d4fd2994a44de.txt",
		"img": "https://archive.orkl.eu/20a442fc9e21bc3bd08e040ad81d4fd2994a44de.jpg"
	}
}