Attackers hacked the phones of at least 20 heads of Israeli cryptocurrency companies, took over their Telegram, Gmail and Yahoo accounts and tried to obtain cryptocurrency, the local newspaper Haaretz reports.
In early September, the cybersecurity company Pandora Security was contacted by one of the victims, who said that his mobile phone had been hacked. Hackers gained access to his Telegram account and, posing as him, sent messages to his contacts asking them to transfer cryptocurrency.
The day after the first report, messages from other victims began to arrive, said Tsahi Ganot, co-founder of Pandora Security.
All of them turned out to be CEOs or deputy heads of cryptocurrency projects.
In some cases Telegram accounts were compromised; in others, email services.
In addition to involvement in the cryptocurrency industry, the victims were united by the fact that they were all clients of the Israeli telecom operator Partner.
The hackers probably managed to intercept SMS messages with verification codes, Ganot said. In most cases, attackers make duplicate SIM cards for this purpose, but this time they were able to intercept SMS messages sent directly by the operator, the newspaper writes.
Pandora Security's investigation found that the hackers had carried out so-called SMSC spoofing, which involved the use of roaming, after gaining access to a foreign cellular network.
The attackers then probably sent a message from the foreign cellular network to the Israeli one, thereby updating the client's location.
“For example: ‘The subscriber has just landed in Tbilisi and registered in our network. Please forward his SMS messages through this network,’” Ganot explained.
Once the victims were registered in the foreign network, they stopped receiving messages. In some cases, they also lost their connection or their phone rebooted, Ganot said.
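A defender-side check for the roaming location update described above, as an added example that is not from Haaretz, Pandora Security or Partner: it flags a registration in a different network that would require impossible travel speed from the subscriber's last trusted location. The record format, network labels, subscriber IDs, coordinates and speed ceiling are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 1000.0  # assumed ceiling, roughly airliner cruise speed

@dataclass(frozen=True)
class LocationUpdate:
    subscriber: str   # constructed placeholder ID
    time: datetime
    network: str      # label of the network reporting the registration
    lat: float        # approximate position of that network
    lon: float

def distance_km(a, b):
    """Great-circle (haversine) distance between two updates."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def implausible_updates(events, max_kmh=MAX_KMH):
    """Return updates that move a subscriber to another network faster than max_kmh."""
    last, flagged = {}, []
    for ev in sorted(events, key=lambda e: e.time):
        prev = last.get(ev.subscriber)
        if prev is not None and prev.network != ev.network:
            hours = (ev.time - prev.time).total_seconds() / 3600
            if distance_km(prev, ev) > max_kmh * hours:
                flagged.append(ev)
                continue  # keep the last trusted location as the baseline
        last[ev.subscriber] = ev
    return flagged

# Constructed sample records: one subscriber "jumps" abroad within 12 minutes,
# another arrives after a plausible 4.5-hour journey.
HOME = ("home-IL", 32.08, 34.78)
ABROAD = ("foreign-GE", 41.72, 44.79)
SAMPLE = [
    LocationUpdate("sub-A", datetime(2020, 9, 1, 10, 0), *HOME),
    LocationUpdate("sub-A", datetime(2020, 9, 1, 10, 12), *ABROAD),
    LocationUpdate("sub-A", datetime(2020, 9, 1, 10, 20), *HOME),
    LocationUpdate("sub-B", datetime(2020, 9, 1, 8, 0), *HOME),
    LocationUpdate("sub-B", datetime(2020, 9, 1, 12, 30), *ABROAD),
]

if __name__ == "__main__":
    for ev in implausible_updates(SAMPLE):
        print(f"ALERT {ev.subscriber}: implausible registration in {ev.network} at {ev.time}")
```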
Pandora Security contacted the operator, but initially the support service did not respond to the incident. Ganot subsequently managed to contact Partner's data security director.
He obtained information about the victims, but asked each of them to contact Partner independently. The operator's representative also gave assurances that the incident was being dealt with, but after a few days the operator stopped communicating not only with Pandora Security but also with the victims, Ganot said.
In his opinion, only Partner's clients were affected, since the operator had not put proper protection in place.
At the same time, the hackers failed to achieve what they wanted — according to Ganot, no one transferred the cryptocurrency to the attackers.
As a reminder, according to a study by F-Secure, the hacker group Lazarus began attacking job seekers in the blockchain and cryptocurrency field using the LinkedIn service.