SOCRadar® Cyber Intelligence Inc. | Dark Web Profile: Malek Team
Jan 24, 2024

Dark Web Profile: Malek Team

In recent months, the Malek Team, a hacker group with alleged links to Iran, has escalated its cyber offensive against key Israeli institutions, marking a significant uptick in digital threats within the region. The Malek Team, which has previously targeted a private college in Israel, claimed responsibility for a sophisticated cyberattack on Israel’s Ziv Medical Center. The breach at the medical center was particularly alarming due to the sensitive nature of the stolen data, which included a substantial volume of medical records. This attack was not an isolated incident; instead, it is part of a series of coordinated cyberattacks that have targeted various sectors in Israel.

Who is the Malek Team?

Their logo on their website

The Malek Team is a possibly Iranian-linked threat actor group that was first spotted after the Israel-Hamas conflict had begun. The group also appears to recruit from anti-Israel hacktivists, often from South Asia and the Middle East.

Their activities have become increasingly bold and sophisticated, and their attacks extend beyond the healthcare sector (Ziv Medical Center) to educational institutions such as Ono Academic College. These incidents highlight a worrying trend of cyber espionage and data theft by Iranian-linked threat actors, with the hackers obtaining and leaking sensitive information, including personal details of Israel Defense Forces (IDF) soldiers and private student records.

As the Malek Team continues its cyber operations, the implications of these breaches extend far beyond the immediate impact on the targeted institutions. They represent a broader challenge to cybersecurity in a region already marked by complex geopolitical tensions.

Notable Attacks and Breaches

Ziv Hospital

The Malek Team claimed responsibility for a significant cyberattack in December 2023 on Ziv Medical Center, a major healthcare facility in Safed, Israel. This attack allegedly resulted in the exfiltration of a staggering 500GB of data, including over 700,000 documents containing highly sensitive personal and medical information of patients. Notably, some of these records are said to belong to members of the Israel Defense Forces (IDF), adding a layer of national security concern to the breach.

Malek’s Team website, latest victim listed as ZIV Hospital

The cyberattack on Ziv Medical Center didn’t just compromise patient records. It also underscored the vulnerability of critical healthcare infrastructure to sophisticated cyber threats. Following the breach, the Israeli National Cyber Directorate took immediate action, issuing warnings and initiating an investigation to assess the full extent of the impact. In response to the incident, the hospital took precautionary measures, such as temporarily disconnecting its email server and other critical computer systems to contain the breach.

The incident at Ziv Medical Center was not an isolated event but part of a troubling pattern: it marks the third time in four months that the hospital has fallen victim to a cyberattack. The repercussions raised significant concerns about privacy, trust in healthcare institutions, and the broader implications for national security, given that IDF personnel's records were involved.

Ono Academic College Data Breach

The Malek Team’s cyber activities came to the forefront with a significant breach reported at Ono Academic College, a private educational institution in Israel. In this incident, the hacker group claimed to have infiltrated the college’s network, accessing a substantial volume of sensitive data. Approximately 250,000 records containing private student information were compromised, including personal details and academic records.

Beyond basic personal details, the leaked material reportedly extended to academic records and internal communications. The group also posted evidence of the intrusion online, including videos and documents, compounding the breach's impact.

Malek’s Team website, Ono breach details with students and personnel pictures are shared on the website

Broader Context and Implications

The cyberattacks perpetrated by the Malek Team on Ziv Medical Center and Ono Academic College were not isolated incidents but part of a larger pattern of increased cyber threats in Israel. The group has also claimed attacks on Israeli government bodies and the IDF, but so far its targeting has been limited to Israel. These attacks highlight the growing sophistication of such groups and the escalating cyber warfare in a region already marked by complex geopolitical dynamics.

Further claimed leaks about Israel

The targeting of diverse sectors, from healthcare to education, by groups such as the Malek Team points to a broader strategy of exploiting any vulnerable point in the digital infrastructure of key institutions. This approach underscores the reality that no sector is immune to digital threats. The sensitive nature of the data involved in these breaches, especially concerning IDF personnel, adds national security implications to the attacks.

These incidents also reflect a wider trend of state-affiliated or state-supported cyber activities, particularly in the context of the ongoing tensions between Israel and Iran. While the direct involvement of state actors is not definitively established in these specific attacks, the pattern of targeting and the nature of data sought align with broader geopolitical motivations.

Moreover, the increasing frequency and scale of these attacks emphasize the need for continuous vigilance and robust cybersecurity measures. Institutions housing sensitive data must prioritize their digital defense mechanisms to protect against such sophisticated threats. This includes not only technological solutions but also a heightened awareness of cyber hygiene practices among individuals.

Conclusion

The implications of the Malek Team’s attacks extend far beyond the immediate impact on the targeted organizations. They signify a broader challenge in cybersecurity, where the lines between geopolitical rivalries and cyber warfare increasingly blur. In the context of Israel’s complex regional dynamics, these cyberattacks serve as a reminder of the digital battleground that complements physical and diplomatic conflicts.

The large-scale breaches by the Malek Team demonstrate that no sector is immune to cyber threats. In an era where digital risks are constantly evolving, continuous awareness, caution, and a collaborative approach to cybersecurity are vital. Both individuals and organizations must stay informed and prepared to navigate these complex cyber landscapes effectively.