This video delves into the cyber attack orchestrated by the group Black Shadow on an Israeli insurance company, Sherbet. Despite using common hacking techniques like web shells and credential harvesting, the attack garnered attention due to the group's strategic use of media exploitation.





Here is the verbatim discussion:


The main blow and the leakage of an act to a very interesting company, an insurance company in Israel called Sherbet, and they were attacked by a so-called group with the acronym of Black Shadow. The main difference in this attack: again, nothing really fancy, not any fancy tools, nothing was unique. It wasn't any what we used to see as an APT type of style with really sophisticated tools, but very common things like web shells, credentials harvesting, some very normal payloads. They use very simple wipers, I'm not mistaken, written in .NET. They use some custom trojans, which we're also going to see later on. They use SSH tunnels, etc., reverse proxy, to leap to, to hack the organization. Really, a normal organization with a really, you know, basic security should have been able to stop them, but for some reason they were not able to. But the main difference here, and this is why we also call it an info op, but what the group here, and by this time it was actually pretty obvious it was Iranian, a group called Fox Kittens, uh, by Clear Sky for example: they used Telegram to leak and cause quite a panic in Israel. They heavily exploited the Israeli media to amplify the attack, and they did it in, let's say, in chunks, so to get more atmosphere and show it was a really big hack. And quite from there it was quite obvious that it's not an extortion attempt, it's mainly someone trying to look at the stuff we even thought she'll be really bad. But after that, because some of the languages and the way they operated and the adversarial tools, it was quite clear that this is an Iranian campaign trying to make Israel look bad. And of course ransomware was not, ransom was not paid, etc.



Highlights:

Attack Details:

  • The attack on Sherbet involved basic hacking methods like web shells and credential harvesting, indicating a lack of sophisticated tools.
  • The attackers utilized simple wipers and custom trojans, along with SSH tunnels and reverse proxies to infiltrate the organization.

Media Exploitation:

  • Black Shadow leveraged Telegram to leak information, causing widespread panic within Israel.
  • The group heavily utilized Israeli media platforms to amplify the impact of the attack, strategically releasing information in stages to create a sense of urgency and scale.


Attribution:

  • The attack was attributed to the Iranian cyber group, Fox Kittens, by cybersecurity experts like Clear Sky.
  • The exploitation of media and the nature of the attack indicated a deliberate attempt by Iran to tarnish Israel's reputation rather than a typical extortion scheme.



The Black Shadow attack on Sherbet serves as a stark example of how cyber warfare extends beyond technical infiltration. By exploiting media channels, the attackers aimed to magnify the perceived impact of the attack, underscoring the strategic nature of cyber operations in modern geopolitics.




Omri Segev Moyal is a renowned cybersecurity expert known for his expertise in ethical hacking and vulnerability research. With a background in computer science and extensive experience in the cybersecurity industry, Moyal has made significant contributions to enhancing digital security and raising awareness about cyber threats. His work spans across various domains, including penetration testing, malware analysis, and security research, making him a respected figure in the cybersecurity community.






