Israel's ClearSky Cyber Security revealed Thursday in a new report that the APT group "Lebanese Cedar", apparently the cyber unit of Hezbollah, has hacked the servers and databases of hundreds of companies worldwide, focusing mainly on telecommunications and internet service providers.
It seems that the attacks were aimed at gathering intelligence and stealing company databases containing sensitive data. In the case of the telecommunication companies, it can be assumed that databases containing call records and private data of clients were accessed as well, the company said.
According to ClearSky, the list of companies apparently hacked includes cloud and hosting providers in the US and UK, along with Vodafone Egypt; internet and telephony service providers in Saudi Arabia, Jordan, the West Bank, and the UAE; and numerous Israeli companies. The attack group managed to hack these companies through web-based servers of Oracle and Atlassian, the provider of Jira, popular issue-tracking software. The systems were apparently breached using known vulnerabilities in Oracle servers, along with open-source vulnerability scanners, said the researchers.
Boaz Dolev, CEO of ClearSky, said, "This group successfully worked under the radar for a long time, while getting control of critical databases and stealing valuable information. Telecommunication providers worldwide are a prime target for attackers in search of sensitive data."
The group was first exposed in 2015, but it has since gone under the radar and concealed parts of its activity. The Lebanese cyber attackers' activities are said to be driven by political and ideological motives, targeting individuals, companies, and organizations worldwide. In previous research, Check Point researchers succeeded in linking Lebanese Cedar to the Lebanese government or Hezbollah, while the new ClearSky research found it highly probable that the group's current activity is connected to the activities exposed in the 2015 research.