State-sponsored Actor Behind Israel’s Technion University Attack


DarkBit, a new threat group with a declared anti-Israel agenda, has hacked Technion University, Israel’s top technology school and a center for cyber security education.

Although the cyberattack was a ransomware attack, the group’s demands indicate potential opposition to Israel as an “apartheid” state. Alternatively, the group could be entirely criminal and using ideology as a secondary move.

DarkBit has demanded NIS six million or 80 Bitcoins to call off the attack, with a threat to increase the amount by 30% if the sum is not received within 48 hours, Alon Gal, co-Founder and CTO of Israeli cybercrime intelligence company Hudson Rock, told The Cyber Express.  

According to news reports from Israeli media, the hacking attack has led to the postponement of all exams at the university. The Israel National Cyber Directorate (INCD) is in touch with Technion to get a full picture of the situation, to assist with the incident and to study its consequences, various reports said.

DarkBit and the ransomware attack on Technion University

“This campaign may be intended to inspire others who have recently lost their jobs in the tech industry to follow in the hacker’s footsteps and target Israeli organizations,” Hudson Rock’s Gal told The Cyber Express, sharing their initial analysis.

“The confirmation for the attack being a Ransomware came from a leak from one of the computers,” he added, sharing the screenshot. “Following it, the attackers posted it to their TOR website, confirming that it is in fact a valid ransomware attack.” 

Gal was in touch with the Israel CERT to share new information relating to the newbie group when the alerts of the ransomware attack came out. He immediately started tracing the group and found the leaked ransom note.

The payment is yet to be made, Gal confirmed to The Cyber Express on Monday.

DarkBit, ransomware and bold moves 

Unlike the usual step of sticking to Telegram channels and leak sites, perpetrators behind the DarkBit group have taken to open social media platforms such as Twitter and Reddit to spread the details of the Technion ransomware attack.

The tactics of the group have the markings of an influence campaign by a state-sponsored group, Gal told The Cyber Express. However, he said it is too early to make an exact attribution.

According to Gal, the objectives of the campaign are twofold: to breach the security of Israel’s prestigious technical university as a means of humiliating the country technologically, and to elicit sympathy from the Israeli population by presenting the hacker as a former tech employee who seeks revenge against an unfair employer. 




