
Lebanese Cedar, the cyber unit of Hezbollah, hacked telecom companies and internet service providers by exploiting vulnerabilities in Oracle and Atlassian servers.

ClearSky Cyber Security revealed today in a new report that the APT group “Lebanese Cedar”, allegedly the cyber unit of Hezbollah, has successfully hacked the servers and databases of hundreds of companies worldwide, focusing mainly on telecommunications companies and ISPs. It seems that the attacks aimed to gather intelligence and steal companies' databases containing sensitive data. In the case of telecommunication companies, one can assume that databases containing call records and private data of clients were accessed as well.

The list of companies that appear to have been hacked includes cloud and hosting providers in the US and UK; Vodafone Egypt; internet and telephony service providers in Saudi Arabia, Jordan, Judea and Samaria, and the UAE; and numerous Israeli companies. The attack group managed to hack these companies through web-based servers of Oracle and Atlassian – the provider of Jira, a popular issue-tracking software. “Apparently, these systems were hacked using known vulnerabilities of Oracle servers and open-source vulnerability scanners,” said researchers.

Boaz Dolev, CEO of ClearSky Cyber Security, stated: “This group successfully worked under the radar for a long time, while getting control of critical databases and stealing valuable information. Telecommunication providers worldwide are a prime target for attackers in search of sensitive data.”

The group was first exposed in 2015. Since then, however, it has gone under the radar, successfully concealing parts of its activity. The Lebanese cyber attackers’ activities are driven by political and ideological motives, aiming at individuals, companies, and organizations worldwide. In their previous assessment, researchers for Israeli cyber security company Check Point succeeded in linking “Lebanese Cedar” to the Lebanese government or Hezbollah, while according to the latest ClearSky research, the current activity of the group is highly likely to be connected to the activities exposed in the 2015 study.