Date: 2024-01-03

Cybercrime Group ‘irleaks’ Breaches 23 Iranian Insurance Firms and SnappFood

In a significant cybersecurity incident, a group of hackers operating under the moniker ‘irleaks’ targeted 23 leading insurance companies and SnappFood, Iran’s foremost online food delivery service. The data breach has led to the exposure of sensitive personal details of millions of individuals.

‘irleaks’ Strikes Iran’s Insurance Sector

On December 20, ‘irleaks’ announced the sale of over 160 million records allegedly stolen from prominent Iranian insurance firms, including Kowsar, Atieh, Asia, and Alborz. The hackers demanded $60,000 for the stolen data, comprising names, birth dates, father’s names, phone numbers, mobile numbers, and national codes. The authenticity of the leaked data was confirmed by Hudson Rock, an Israel-based cybersecurity firm.

SnappFood Falls Prey to the Cyberattack

In a subsequent attack, ‘irleaks’ claimed to have infiltrated SnappFood’s systems on December 30, alleging the theft of 3 terabytes of sensitive data. The leaked information reportedly includes 20 million user profiles, 51 million user addresses, and 600,000 credit card records. SnappFood acknowledged the data breach and is currently working with local authorities to mitigate the situation.

Unraveling the Cybersecurity Breach

Hudson Rock suspects that the breach at SnappFood might have been executed through a StealC info-stealer malware infection on an employee’s computer. The infected employee is believed to be a software developer whose system could have facilitated data exfiltration. The initial infection by StealC is suspected to have come through a compromised software download, but tactics such as spear-phishing haven’t been ruled out.

Although the exact motive behind these cyberattacks remains unclear, Hudson Rock hints at the possibility of cyber espionage intended to cause internal disruption within Iran. At the same time, the possibility of financially motivated cybercrime by a sophisticated actor cannot be overlooked.

The scale and sophistication of these attacks have raised serious concerns about potential state-sponsored involvement. As the investigations continue, it becomes increasingly imperative for companies to bolster their cybersecurity defenses to safeguard against such damaging breaches.