The Malek Team, an Iran-associated threat actor, has escalated cyber offensives against Israeli institutions, including a major breach at Ziv Medical Center and a data leak from Ono Academic College. The incidents involve massive data exfiltration and raise national security concerns while highlighting a broader pattern of cyber espionage in the region. #MalekTeam #ZivMedicalCenter
Keypoints
- The Malek Team is described as possibly Iranian-linked and active after the Israel-Hamas conflict began, recruiting from anti-Israel hacktivists in South Asia and the Middle East.
- The group claimed a significant cyberattack on Ziv Medical Center, exposing large volumes of sensitive data from patients, including some IDF personnel records.
- Ono Academic College suffered a major breach with about 250,000 records leaked, including private student details and academic information.
- The attacks illustrate a pattern of cyber espionage and data theft spanning healthcare and education sectors in Israel, with broader implications for national security.
- Israeli authorities, via the National Cyber Directorate, responded with warnings, and containment measures were taken at the hospital, such as temporarily disconnecting its email server and other critical systems to limit the breach.
- The incidents point to possible state-linked motivations and the evolving landscape of cyber warfare in a geopolitically tense region, underscoring the need for robust cyber defense and awareness.
MITRE Techniques
- [T1041] Exfiltration Over C2 Channel – Large-scale data exfiltration; the article does not say which channel was used, so the specific technique is an approximation: ‘The attack allegedly resulted in the exfiltration of a staggering 500GB of data, including over 700,000 documents containing highly sensitive personal and medical information of patients.’
- [T1213] Data from Information Repositories – The leaked material came from hospital and college record systems and included sensitive personal and medical information such as ‘personal details and academic records’. (T1005 is Data from Local System; T1213 is the ID that matches the technique named here.)
- [T1583] Acquire Infrastructure – This ID refers to infrastructure acquisition, not recruitment; the cited statement that the Malek Team ‘recruit from anti-Israel hacktivists, often from South Asia and the Middle East’ describes how the group staffs itself and has no direct ATT&CK equivalent. The article gives no detail on infrastructure used in the attacks.
- [T1489] Service Stop – Not an adversary action in this case: the cited step, ‘temporarily disconnecting its email server and other critical computer systems to contain the breach’, was defensive containment by the victim. The article reports no adversary-driven service disruption.
- [T1041] Exfiltration Over C2 Channel – Additional exfiltration context from Ono Academic College, again with the channel unspecified: ‘Approximately 250,000 records containing private student information were compromised, including personal details and academic records.’
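Bulk exfiltration on the scale reported above (hundreds of gigabytes, hundreds of thousands of records) leaves a volume signal in flow or proxy logs even when the channel is unknown. The following is an added example, not code or data from the article or from any party it describes: it flags a host whose daily outbound bytes jump far above that host's own baseline and also reports destinations it has never sent to before. The log format, host names, dates, byte counts and thresholds are all constructed assumptions.

```python
"""Added example (not from the article): flag hosts whose outbound volume
spikes far above their own history, and list destinations new for that host.

All inputs below are constructed for illustration. The log format
(date,src,dst,bytes), the host names, the byte counts and the thresholds are
assumptions, not data from the Malek Team incidents.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed daily flow summaries. fileserv01 normally ships ~3 GB/day of
# backups to an internal host, then one day pushes ~410 GB to an external IP.
SAMPLE_FLOWS = """\
2023-11-20,fileserv01,10.20.0.5,2900000000
2023-11-21,fileserv01,10.20.0.5,3100000000
2023-11-22,fileserv01,10.20.0.5,2700000000
2023-11-23,fileserv01,10.20.0.5,3300000000
2023-11-24,fileserv01,10.20.0.5,3000000000
2023-11-25,fileserv01,10.20.0.5,2800000000
2023-11-26,fileserv01,10.20.0.5,3200000000
2023-11-27,fileserv01,203.0.113.77,410000000000
2023-11-20,ehr-db02,10.20.0.5,500000000
2023-11-21,ehr-db02,10.20.0.5,520000000
2023-11-22,ehr-db02,10.20.0.5,490000000
2023-11-23,ehr-db02,10.20.0.5,510000000
2023-11-24,ehr-db02,10.20.0.5,505000000
2023-11-25,ehr-db02,10.20.0.5,495000000
2023-11-26,ehr-db02,10.20.0.5,515000000
2023-11-27,ehr-db02,10.20.0.5,530000000
"""


def parse_flows(text):
    """Aggregate 'date,src,dst,bytes' lines into per-host, per-day totals
    and the set of destinations each host contacted on each day."""
    totals = defaultdict(lambda: defaultdict(int))   # host -> day -> bytes
    dests = defaultdict(lambda: defaultdict(set))    # host -> day -> {dst}
    for line in text.splitlines():
        if not line.strip():
            continue
        day, src, dst, nbytes = line.split(",")
        totals[src][day] += int(nbytes)
        dests[src][day].add(dst)
    return totals, dests


def find_exfil_spikes(text, baseline_days=7, z_threshold=5.0, min_ratio=10.0):
    """Return one alert per (host, day) whose outbound bytes exceed the host's
    rolling baseline by both a z-score and a plain ratio. Requiring both keeps
    a host with a nearly flat history (tiny stdev) from alerting on a small
    bump, while a genuinely huge jump always passes."""
    totals, dests = parse_flows(text)
    alerts = []
    for host, by_day in totals.items():
        days = sorted(by_day)
        for i in range(baseline_days, len(days)):
            window = [by_day[d] for d in days[i - baseline_days:i]]
            today = by_day[days[i]]
            mu, sigma = mean(window), pstdev(window)
            z = (today - mu) / sigma if sigma else float("inf")
            ratio = today / mu if mu else float("inf")
            if z >= z_threshold and ratio >= min_ratio:
                seen_before = set().union(*(dests[host][d] for d in days[:i]))
                alerts.append({
                    "host": host,
                    "day": days[i],
                    "bytes": today,
                    "baseline_mean": round(mu),
                    "ratio": round(ratio, 1),
                    "new_destinations": sorted(dests[host][days[i]] - seen_before),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_exfil_spikes(SAMPLE_FLOWS):
        print(alert)
```

On the constructed data only fileserv01 alerts, on 2023-11-27, with 203.0.113.77 listed as a destination not seen in its history; ehr-db02 stays within a few percent of its baseline and is silent. A per-host baseline matters here because a backup server legitimately moves gigabytes daily, so a single global byte threshold would either drown in its routine traffic or miss a smaller host being drained.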
Indicators of Compromise
- [No IOC types] No explicit IPs, file hashes, domains, or file names are provided in the article.