toufan

Ransomware group profile

36Victims

IranSource country

45Impact score

Also Known As

Cyber Toufan

Cyber Toufan Al-Aksa

Description

Toufan is a ransomware group known for its targeted attacks, utilizing advanced techniques to encrypt data and demand ransoms. With a reputation for quickly adapting their tactics, they often employ phishing and exploits to infiltrate networks. Their recent focus includes critical infrastructure and high-value sectors, posing significant risks to their targets.

Key insights

•Employs a mix of phishing, exploits, and insider threats for initial access.
•Targets critical sectors such as healthcare, finance, and government.
•Utilizes double extortion tactics, threatening to leak sensitive information.
•Frequently updates malware and attack methodologies based on vulnerabilities.
•Notable for targeting high-profile individuals to leverage psychological impacts.

Industries

Education Financial Services Government & Defense Healthcare Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology Transportation

Threat Level & Status Breakdown

For toufan · Based on incidents in selected period

2.3threat level

Aggressiveness5/ 10

Lethality0.6/ 10

Criticality1/ 10

Status Breakdown

Data Leaked11.1%4

Claimed61.1%22

First seenSep 2025

Last seenMar 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for toufan in the selected period

36Total attacks

13peak in Sep

6avg / month

↓ 3 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for toufan

d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e
eae09889399fe4fb8e78b114dba0527de913d12fb1802944a88ed136e3e90577
94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for toufan

Other

T1486

T1490

T1040

T1078

T1059

T1562

T1021

T1135

T1563

T1543

T1069

T1203

Victims(36)

Company	Domain	Country	Industry	Status	Discovered
Oz Aviation ltd.	—	—	Transportation	Claimed	2 months ago
Rational-Solutions	—	—	—	Claimed	2 months ago
Maya Engineering – “maya-il.com”	—	IL Israel	—	Claimed	2 months ago
ACOM Communication Strategies	—	—	Professional Services	Claimed	2 months ago
UPC Precision Castings Ltd – “upccastings.com”	—	—	Manufacturing	Claimed	2 months ago
CR Casting, Exact LTD and Tefen Metal Castings	—	IL Israel	Manufacturing	Claimed	2 months ago
Saar Engineering – “saarengineer.com”	—	—	—	Claimed	2 months ago
shiran-tours.co.il	shiran-tours.co.il	IL Israel	Hospitality	Claimed	2 months ago
yechavedaat.org	yechavedaat.org	IL Israel	Education	Claimed	2 months ago
Optum Industrial Engineering Systems	—	—	Manufacturing	Claimed	2 months ago
ILDefenseLeaks : Optum Industrial Engineering Systems – https://optum-ies.com	—	IL Israel	Technology	Claimed	5 months ago
ILDefenseLeaks : UPC Precision Castings Ltd – “upccastings.com”	—	PS Palestine	Other	Claimed	6 months ago
ILDefenseLeaks : Saar Engineering – “saarengineer.com”	—	SY Syria	Government & Defense	Claimed	6 months ago
ILDefenseLeaks : CR Casting, Exact LTD and Tefen Metal Castings	—	IL Israel	Government & Defense	Claimed	6 months ago
ILDefenseLeaks : Maya Engineering – “maya-il.com”	—	IL Israel	Government & Defense	Claimed	7 months ago
Operation – “Enter Upon Them By The Gate” – 0x08 : Gavriel Machal Law Firm	—	IL Israel	Other	Claimed	8 months ago
Operation – “Enter Upon Them By The Gate” – 0x10 : THE PHOENIX	—	IL Israel	Financial Services	Claimed	8 months ago
Operation – “Enter Upon Them By The Gate” – 0x11 : exposing 20 complicit law firms	—	IL Israel	Government & Defense	Claimed	8 months ago
Operation – “Enter Upon Them By The Gate” – 0x12 : Zevulun Marine Systems LTD	—	IL Israel	Government & Defense	Claimed	8 months ago
Operation – “Enter Upon Them By The Gate” – 0x14 : shiran-tours.co.il	—	IL Israel	Other	Claimed	8 months ago

Page 1 of 2

Affected countries(7)

Countries where this group has been reported to target or leak victims.

🇦🇺Australia 🇨🇦Canada 🇬🇧United Kingdom 🇮🇱Israel 🇶🇦Qatar 🇸🇬Singapore 🇺🇸United States