The BlackShadow threat group has breached the Israeli hosting provider Cyberserve, stealing client databases and holding them for ransom. Starting on October 29th, the company’s website was unavailable as it worked through the aftermath of the cybersecurity incident. According to the attackers, they are holding the client databases for a ransom of 1 million dollars in cryptocurrency and gave the company 48 hours to pay. As proof, the group leaked 1,000 documents almost immediately. Many of the websites hosted by Cyberserve are still unavailable, according to Bleeping Computer. The National Cyber Directorate told The Times of Israel that it had warned Cyberserve about an imminent cyber-attack several times in the previous days. It is unclear whether Cyberserve took these warnings seriously.
BlackShadow is an Iranian-backed threat actor that has confirmed links to the Pay2Key ransomware strain. Pay2Key has continuously been used against Israeli victims. However, BlackShadow remains one group whose attacks are not financially motivated. It is believed that attacks like these, between Iran and Israel, are politically motivated, and that the ransom is just a bonus for the group.