blackshadow details

Description

BlackShadow is a state-aligned cybercrime group reportedly linked to Iran’s cyber operations, first identified in late 2020. Their operations blend data exfiltration with ransom threats, notably targeting Israeli organizations such as Cyberserve—a web hosting provider—and leaking data to inflict reputational damage. Victims included entities like Atraf (an LGBTQ dating app), tour booking services, and museums, reflecting political or ideological motivations over financial gain. Despite carrying out extortion, there is no evidence that BlackShadow employs typical encryption-based ransomware mechanics; instead, they leverage stolen data and the threat of public exposure.

External Analysis
https://www.cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/
https://heimdalsecurity.com/blog/cyberserve-hijacked-by-blackshadow-hacker-group-to-extort-customers/

External Analysis

https://www.cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/

https://heimdalsecurity.com/blog/cyberserve-hijacked-by-blackshadow-hacker-group-to-extort-customers/

Url	Status	Screen	Uptime 30d	Health
http://544corkfh5hwhtn4.onion	Down		—
http://blackshadow.cc	Down		—

Url

Status

Screen

Uptime 30d

Health

http://544corkfh5hwhtn4.onion

Down

—

http://blackshadow.cc

Down

—

Date	Title	Description	Screen
2021-12-18	Shirbit Insurance Company
2021-12-18	K.L.S Capital
2021-12-18	CyberServe Company

Date

Title

Description

Screen

2021-12-18

Shirbit Insurance Company

2021-12-18

K.L.S Capital

2021-12-18

CyberServe Company

Blackshadow

Description

Note