Cyber Toufan

Malware updated 5 months ago (2024-05-04T21:18:53.601Z)
Cyber Toufan, a malware operation, has been linked to numerous hack-and-leak incidents targeting over 100 organizations. The group is known for wiping infected hosts and releasing stolen data on their Telegram channel. This malicious software is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. The victims include notable companies like ACE Israel, a branch of ACE Hardware. Cyber Toufan's activities escalated after the conclusion of the Israel-Hamas ceasefire, revealing new breach victims and intensifying its operations.

The threat actor group, along with others such as Cyber Av3ngers, appears to be adopting a narrative of retaliation in their cyber attacks, according to Check Point. These groups have evolved from traditional website defacements and DDoS attacks to more sophisticated hack-and-leak operations. The scale and sophistication of these attacks, combined with overlaps in methodology and the nature of the targets, suggest links between Cyber Toufan and Iran. The group has also been associated with nation-state actors like "Karma Power," linked to the Ministry of Intelligence, and corporate entities like HAYWIRE KITTEN, associated with Islamic Revolutionary Guard Corps contractor Emennet Pasargad.

Cyber Toufan continues to cause significant damage, even after its leak schedule ceased. Victims of the group, as well as those connected to them, are experiencing ongoing disruptions. For example, an email sent to contacts stored in Radware's customer relationship management (CRM) platform demonstrated the group's intent to harm by encouraging recipients not to support Israeli tech products/services, implying that doing so contributes to violence in Gaza. Furthermore, due to server wipes executed by Cyber Toufan, websites belonging to many victims remain down, causing further operational challenges and potential financial losses.
Description last updated: 2024-05-04T20:33:00.650Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Israel