Hezbollah attacked telecom operators worldwide

Israeli cyber defense company ClearSky published a warning report yesterday that the APT group “Lebanese Cedar”, apparently a cyber unit in Hezbollah, hacked servers and databases at hundreds of companies around the world, focusing mainly on Internet service providers. telecommunications and internet services.

According to the report, the attacks apparently aimed to gather intelligence and steal databases of companies containing confidential data. In the case of telecommunications companies, it can be assumed, says ClearSky, that databases containing call records and private customer data were also accessed.

This group was first detected in March 2015 by Check Point and since then has not been seen since, being then called “Volatile Cedar”. Although Check Point did not specifically attribute the action to a particular group or organization, other experts said at the time that the attack had all the marks of a campaign orchestrated by the Lebanese Shiite militant group Hezbollah, which maintains close ties with Iran and its Guard. Revolutionary.

The ClearSky report concludes that it is highly likely that the group’s current activity is linked to the activities exposed in 2015. The activities of Lebanese cyberattacks have political and ideological motives, targeting individuals, companies and organizations worldwide.

According to ClearSky, the list of apparently hacked companies includes hosting and cloud providers in the U.S. and the UK, along with Vodafone Egypt and more: internet and telephone service providers in Saudi Arabia, Jordan, the West Bank and the United Arab Emirates. United; and several Israeli companies. The attack group managed to hack these companies through web-based servers from Oracle and Atlassian, a provider of Jira, a problem tracking software. The systems were apparently breached using known vulnerabilities in Oracle servers and open source vulnerability scanners, the researchers said.

With international agencies