Hackers linked to Iran leak data of Israeli students
Take action: This is a cascade of unfortunate events: first the vendor system was vulnerable, then the vendor kept admin accounts within customer systems, and finally customers hadn't patched their systems. When implementing systems, think about clear isolation between organizations and activating access only when needed. It's much more tedious, but in events like this, it seems that the hassle would have helped.
Lord Nemesis, a hacker group with affiliations to Iran, has leaked the personal data of thousands of Israeli college students on the dark web. The leak includes 4,000 student ID cards, with indications that more data releases from other colleges may follow.
The origin of this breach was traced back to Rashim Software, an influential provider known for its comprehensive software solutions catering to colleges and universities, with its student CRM, Michlol, being particularly widespread across Israeli academic entities. The attackers used stolen credentials from Rashim to infiltrate the systems of several of Rashim's clients, including a range of academic institutions.
Lord Nemesis claimed to have obtained full access to Rashim's infrastructure, leveraging this breach to distribute an email to over 200 of Rashim's customers and colleagues. They exploited Rashim's practice of maintaining admin user accounts across customer systems. By seizing control of one such admin account, Lord Nemesis could breach additional organizations that utilized the Michlol CRM through their VPN connections.
The breach compromised the following information:
- student IDs,
- bank account details,
- phone numbers,
- IDF (Israel Defense Forces) documents,
- email addresses,
- academic test results.
The hackers released approximately 120 gigabytes of data specifically from Sapir College on the darknet and indicated theft from other educational entities such as Sakhnin College and the Police Academy in Beit Shemesh.
MalamTeam, the holding company that owns Rashim Software, acknowledged that an updated system version capable of blocking the breach was released two years before the attack. However, the failure of several colleges to migrate to this updated platform resulted in the vulnerability being exploited.