Blackmail, threats and psychological pressure: Lord Nemesis tries his best to intimidate his victims

How a script from a cheap thriller became a reality for Israeli IT specialists.

An Iranian state-run hacker group known as "Lord Nemesis" recently conducted a cyberattack on an Israeli company that develops software for managing academic institutions. According to analysts, the main goal of the group's actions was not financial gain, but simple hacktivism aimed at intimidating Israeli organizations.

In November last year, hackers broke into the system of the company Rashim Software, and then used the obtained credentials to access the networks of customers of this company, including numerous academic institutions.

This event drew the attention of Israeli security companies to the activities of Iranian state-backed hackers, especially after the outbreak of hostilities in Gaza in October 2023, given Iran's support for the Palestinian group Hamas.

Analysts from OP Innovate, who investigated the incident, note that hackers sought to maximize the psychological impact on their victims. Their methods included sneaking into networks, stealing data, and gradually distributing confidential information online, including personal photos and videos of employees.

Family materials of the CEO of the hacked company

The design of the Lord Nemesis website, featuring the sinister dark lord, also highlights their desire to dramatize their activism.

Screenshot from the group's website

"After dozens of hours since the official announcement of the hacking of Rashim and their customers, we still have full access to the infrastructure, and we can send you a message from the official email address of the company," the hackers boasted in their mailing list.

Researchers link Lord Nemesis to the previously identified Nemesis Kitten group. It is among several groups supported by Tehran, including Cobalt Mirage, APT35, and Charming Kitten, against which the US imposed sanctions and took legal action in 2022 for their association with Iran's Islamic Revolutionary Guard Corps.

The OP Innovate report does not reveal how hackers first penetrated Rashim Software, but it does indicate that the attackers managed to bypass multi-factor authentication via Office365, expanding their presence to Rashim customers.

The hackers continued to "travel" through the hacked network until March 4, publishing on the Internet an accurate description of their attack, many personal files of employees, and threatening letters, which is a very unusual method of attack for hacktivist groups. Experts believe that in this way the attackers wanted to show their power and intimidate representatives of other Israeli companies.
 