Iran-affiliated hackers demand $1 million, threaten to release Israelis’ data


2021-11-01 /

Two days after an Iran-affiliated hacker group breached the servers of an Israeli web-hosting company, the perpetrators warned on Sunday that they would dump all the information obtained in the attack unless a $1 million ransom request was met within 48 hours.
The group, which calls itself “BlackShadow, ” shared the personal information of a small number of users of LGBTQ dating app Atraf on Friday, after Cyberserve–the Israeli web-hosting company—failed to heed their demands.
“No one from the Israeli government or Cyberserve contacted us about the issue,” the group said in a Telegram message on Sunday.
“It is obvious this is not an important problem for them. We know everybody is concerned about the Atraf database. As you know, we are looking for money. So we made a decision: Atraf’s database includes the personal information of about 1 million people, the content of their chats, event tickets … anything that was on the site. If we receive $1 million within the next 48 hours, we will neither leak nor sell this information to anybody. Anyone can pay the ransom,” they stated.
Yoram Hacohen, CEO of the Israel Internet Association, warned that “under no circumstances” should the group’s demands be met.
“What has to be done now is to increase online safety and privacy regulations and provide support—physical and mental—to the people whose information has been leaked.”
Cyberserve confirmed the reports and said it was working with the Israel National Cyber Directorate to “put an end to the incident in the best way possible.” It further added that it was “working closely with all relevant entities of the State of Israel” and promised to update those involved as soon as it has more information on how the attack was carried out.
The management of Atraf also confirmed the reports. Service would only be restored after the app was “fully secured,” they said, adding that users were urged to change their passwords on other sites.
Besides the dating app, the hackers breached dozens of other sites hosted by Cyberserve, including the Kan public broadcaster, the Israel Lottery, Birthright, the Dan and Kavim public transportation companies, the Children’s Museum in Holon, tour booking company Pegasus and the Israeli Children’s Museum.
Later on Sunday, the BlackShadow Telegram account was blocked.


1- The group, called “Blackshadow,” is the same one that breached Israeli insurance company Shirbit and KLS Capital last year.

2- LGBTQ is an acronym for lesbian, gay, bisexual, transgender and queer or questioning. These terms are used to describe a person’s sexual orientation or gender identity.