Numerous companies in the Jewish State were targeted for the past five years at least, and possibly longer, by Hezbollah cyber terrorists in attacks that were largely ignored by Israeli security officials.
The cyber terrorists are members of a hacking group called “Lebanese Cedar” that is linked to Iran’s proxy in Lebanon, the Hezbollah terrorist organization.
But the attacks weren’t been traced back until Thursday (Jan. 28, 2021), when the Israeli “ClearSky” cyber security firm issued its report on the group.
“In early 2020, suspicious network activities and hacking tools were found in a range of companies,” the ClearSky team wrote on its blog.
“Comprehensive forensic research of the infected systems revealed a strong connection to a threat actor we call ‘Lebanese Cedar’, ‘Lebanese Cedar’ APT has been operating since 2012. These operations were first discovered by Check-Point researchers and Kaspersky labs in 2015. Since 2015 Lebanese Cedar APT – also referred to as “Volatile Cedar” – maintained a low profile and operated under the radar,” ClearSky explains in its report.
“Our report reveals a partial list of the companies that the group has attacked. The target companies are from many countries including: The United States, the United Kingdom, Egypt, Jordan, Lebanon, Israel, and the Palestinian Authority. We assess that there are many more companies that have been hacked and that valuable information was stolen from these companies over periods of months and years,” the company wrote in its report.
“According to Check-Point’s report, the group is motivated by political and Ideological interests, targeting individuals, companies, and institutions worldwide. We endorse Check Point’s strong case attributing Lebanese Cedar APT to the Lebanese government or a political group in Lebanon. Moreover, there are several indications that link Lebanese Cedar APT to the Hezbollah Cyber Unit.”
At least 250 servers that were breached by the hacking group were identified by ClearSky, with the primary victims being Oracle and Altassian WEB servers.
The firm strongly urged users to frequently change passwords and businesses to adopt strict cybersecurity measures to prevent attacks.