Hackers hacked the phones of 20 Israeli cryptocurrency executives

Attackers hacked the phones of at least 20 executives of Israeli cryptocurrency companies, gained access to their accounts on Telegram, Gmail and Yahoo, and attempted to obtain cryptocurrency. The local publication Haaretz reports.

In early September, one of the victims contacted Pandora Security, a cybersecurity company, stating that his mobile phone had been hacked. The attackers gained access to his Telegram account and sent messages to the victim’s contacts on his behalf requesting them to transfer cryptocurrency.

The day after the initial report, messages started arriving from other victims, Pandora Security co-founder Tsahi Ganot said.

All of them were CEOs or deputy heads of cryptocurrency projects.

In some cases Telegram accounts were compromised; in others, email accounts.

Apart from ties to the cryptocurrency industry, the victims shared that all of them were customers of the Israeli operator Partner.

Presumably, the hackers managed to intercept SMS verification codes, Ganot said. In most cases, criminals duplicate SIM cards for this purpose, but this time they managed to intercept SMS messages sent directly by the operator, the publication reports.

According to Pandora Security’s investigation, the hackers carried out the so-called SMSC spoofing, involving roaming, gaining access to a foreign mobile network.

Subsequently, the attackers likely sent a message from the foreign mobile network to Israel, thereby updating the victim’s location.

“For example: “The subscriber has just landed in Tbilisi and registered on our network. Please forward his SMS messages through this network,” Ganot explained.

From the moment the victims were registered in the foreign network they stopped receiving messages. In some cases they also lost connectivity or their phone rebooted, Ganot said.

Pandora Security contacted the operator, but the support desk initially did not respond to the incident. Subsequently, Ganot managed to contact Partner’s Director of Data Security.

He learned about the victims, but asked that each of them contact Partner directly. A company representative also assured that the incident was being handled, but after a few days they stopped getting in touch not only with Pandora Security but also with the victims, Ganot said.

In his view, only Partner’s clients were affected, as the operator did not provide adequate protection.

At the same time, the hackers did not achieve their objective — according to Ganot, no one transferred cryptocurrency to the attackers.

According to the study by F-Secure, the Lazarus hacker group began attacking job seekers in the blockchain and cryptocurrency space, using LinkedIn.

Subscribe to ForkLog news on Telegram: ForkLog Feed — the full news feed, ForkLog — the most important news and polls.