Blackshadow
Description
BlackShadow is a state-aligned cybercrime group reportedly linked to Iran’s cyber operations, first identified in late 2020. Their operations blend data exfiltration with ransom threats, notably targeting Israeli organizations such as Cyberserve—a web hosting provider—and leaking data to inflict reputational damage. Victims included entities like Atraf (an LGBTQ dating app), tour booking services, and museums, reflecting political or ideological motivations over financial gain. Despite carrying out extortion, there is no evidence that BlackShadow employs typical encryption-based ransomware mechanics; instead, they leverage stolen data and the threat of public exposure.
External Analysis |
https://www.cyberscoop.com/hack-and-leak-group-black-shadow-keeps-targeting-israeli-victims/ |
https://heimdalsecurity.com/blog/cyberserve-hijacked-by-blackshadow-hacker-group-to-extort-customers/ |
Urls | Screen |
http://544corkfh5hwhtn4.onion | |
http://blackshadow.cc | Screen |
Posts
Date | Title | Description | Screen |
2021-12-18 | Shirbit Insurance Company | | |
2021-12-18 | K.L.S Capital | | |
2021-12-18 | CyberServe Company | | |