Cyber Toufan

Malware Profile Updated 13 days ago
Download STIX
Preview STIX
Cyber Toufan, a malware operation, has been linked to numerous hack-and-leak incidents targeting over 100 organizations. The group is known for wiping infected hosts and releasing stolen data on their Telegram channel. This malicious software is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. The victims of this breach include notable companies like ACE Israel, a branch of ACE Hardware. Cyber Toufan's activities escalated after the conclusion of the Israel Hamas ceasefire, revealing new breach victims and intensifying its operations. The threat actor group, along with others such as Cyber Av3ngers, appears to be adopting a narrative of retaliation in their cyber attacks, according to Check Point. These groups have evolved from traditional website defacements and DDoS attacks to more sophisticated hack-and-leak operations. The scale and sophistication of these attacks, combined with overlaps in methodology and the nature of the targets, suggest links between Cyber Toufan and Iran. The group has also been associated with nation-state actors like "Karma Power," linked to the Ministry of Intelligence, and corporate entities like HAYWIRE KITTEN, associated with Islamic Revolutionary Guard Corps contractor Emennet Pasargad. Cyber Toufan continues to cause significant damage, even after its leak schedule ceased. Victims of the group, as well as those connected to them, are experiencing ongoing disruptions. For example, an email sent to contacts stored in Radware's customer relationship management (CRM) platform demonstrated the group's intent to harm by encouraging recipients not to support Israeli tech products/services, implying that doing so contributes to violence in Gaza. Furthermore, due to server wipes executed by Cyber Toufan, websites belonging to many victims remain down, causing further operational challenges and potential financial losses.
What's your take? (Question 1 of 1)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Israel
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Cyber Toufan Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
DARKReading
4 months ago
'Cyber Toufan' Hacktivists Leaked 100-Plus Israeli Orgs in One Month
DARKReading
3 months ago
Iranian APTs Dress Up As Hacktivists for Disruption, Influence Ops
CERT-EU
5 months ago
Breaking Cyber News From Cyberint - Cyberint
CERT-EU
4 months ago
Dark web threats and dark market predictions for 2024 – GIXtools
CERT-EU
4 months ago
Pro-Iranian Hacker Group Targeting Albania with No-Justice Wiper Malware
Securelist
4 months ago
Dark web threats and dark market predictions for 2024
CERT-EU
4 months ago
Israeli orgs subjected to suspected Iranian hacking attacks
BankInfoSecurity
5 months ago
Breach Roundup: Real Estate Firm Exposes Celebrity Data
CERT-EU
5 months ago
Abdali Hospital Data Breach, Hackers Demand 10 BTC Ransom | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
5 months ago
Cyber Toufan goes Oprah mode, with free Linux system wipes of over 100 organisations