Zerofox IB companies have reported that a user under the pseudonym “Blackfield” has put up for sale a database containing personal data, photographs, and links to social networks of the Israeli Defense Army (IDF) and Israeli security services (Shabak) at the RAMP hacker forum.
The hacker is estimating the cost of the data package to be $15,000 and has stated that the transaction will be conducted through the escrow account of the forum to ensure its security. The use of an escrow service involves the involvement of a third party to guarantee the fulfillment of certain conditions in a transaction.
Zerofox further states that the information being sold will be of interest to geopolitically motivated individuals. The fact that the data is being sold rather than freely distributed suggests that Blackfield is seeking financial gain rather than pursuing ideological goals. The value of the stolen data has also significantly increased since the start of the conflict in Israel, leading researchers to believe that its cost is above average.
Experts speculate that the data was obtained by substituting accounting data through profiles on social networks. It is possible that the hacker had additional information that allowed them to identify members of the IDF and Shabak. Zerofox researchers have concluded that Blackfield is an Initial Access Broker (IAB) network. Additionally, another cybercriminal known as “Achillesec,” who is likely connected to the programs, has already shown interest in purchasing the data.