Presumed Cyber Attack on Zerto: Not for Financial or Espionage Purposes but for Political Reasons

Pietro Melillo : 24 June 2024 14:41

Recently, Handala, a malicious actor, posted on a well-known dark web forum, claiming a cyber attack against Zerto, a subsidiary of Hewlett Packard Enterprise (HPE). Zerto is renowned for its advanced solutions for disaster recovery, ransomware resilience, and workload mobility, specifically designed for virtualized infrastructures and cloud environments.

Handala (threat actor) attacked Zerto (one of the largest Zionist cybersecurity companies in the world).
Zerto, a Hewlett Packard Enterprise company, enables customers to manage always-on business by simplifying the protection, recovery, and mobility of on-premises and cloud applications. Zerto’s cloud data management and protection platform eliminates the risks and complexity of modernization and cloud adoption through private, public, and hybrid implementations.

The software-only platform uses continuous data protection at scale to converge disaster recovery, backup, and data mobility. Zerto is trusted by over 9,500 customers globally and powers offerings for Microsoft Azure, IBM Cloud, AWS, Google Cloud, Oracle Cloud, and more than 350 managed service providers. Zerto provides backup and recovery for SaaS applications like Microsoft 365, Dynamics 365, Azure Active Directory, Salesforce, Google Workspace, and more. This company has over $300 million in revenue!

These foolish Zionists can’t even provide their own cybersecurity; do you really think they can provide it to you? It’s ridiculous! 51 TB of data downloaded and deleted! Some emails sent…

The Handala Hacker Collective

Iscriviti GRATIS ai WorkShop Hands-On della RHC Conference 2025 (Giovedì 8 maggio 2025)

Il giorno giovedì 8 maggio 2025 presso il teatro Italia di Roma (a due passi dalla stazione termini e dalla metro B di Piazza Bologna), si terranno i workshop "hands-on", creati per far avvicinare i ragazzi (o persone di qualsiasi età) alla sicurezza informatica e alla tecnologia. Questo anno i workshop saranno:

Creare Un Sistema Ai Di Visual Object Tracking (Hands on)

Social Engineering 2.0: Alla Scoperta Delle Minacce DeepFake

Doxing Con Langflow: Stiamo Costruendo La Fine Della Privacy?

Come Hackerare Un Sito WordPress (Hands on)

Il Cyberbullismo Tra Virtuale E Reale

Come Entrare Nel Dark Web In Sicurezza (Hands on)

Potete iscrivervi gratuitamente all'evento, che è stato creato per poter ispirare i ragazzi verso la sicurezza informatica e la tecnologia.
Per ulteriori informazioni, scrivi a [email protected] oppure su Whatsapp al 379 163 8765

Supporta RHC attraverso:

• L'acquisto del fumetto sul Cybersecurity Awareness
• Ascoltando i nostri Podcast
• Seguendo RHC su WhatsApp
• Seguendo RHC su Telegram
• Scarica gratuitamente "Dark Mirror", il report sul ransomware di Dark Lab

Ti piacciono gli articoli di Red Hot Cyber? Non aspettare oltre, iscriviti alla newsletter settimanale per non perdere nessun articolo.

Handala is a pro-Palestinian hacker group known for its targeted attacks against Israeli entities and their allies. This group has gained notoriety for several high-profile operations, including sending threatening messages to Israeli citizens and claiming to have compromised Israel’s radar systems and Iron Dome missile defense. Handala’s attacks are often politically motivated, aimed at spreading political messages and destabilizing critical infrastructures.

Recently, Handala claimed an attack on the messaging app Viber, stating they had stolen 740 GB of data, including source code and other sensitive information. The group also demanded a ransom of 8 Bitcoin, equivalent to approximately $583,000, for the release of the stolen data.

Handala uses various advanced attack techniques, including phishing and SQL injection, to compromise their victims. Their activities are primarily motivated by support for the Palestinian cause, and they continue to target various sectors, including infrastructure, technology companies, and Israeli defense systems.

Motivations for the Attack

The malicious actor stated that the attack was not carried out for financial gain or industrial espionage but for political reasons.
“These foolish Zionists can’t even provide their own cybersecurity; do you really think they can provide it to you? It’s ridiculous!”
This statement highlights a growing trend of cyber attacks motivated by ideological causes rather than economic interests.

Impact of the Attack

The malicious actor’s post claims that 51 terabytes (TB) of data were stolen and subsequently deleted. This volume of data represents a significant amount of information, which could include:

• Sensitive Customer Data: Backup information, disaster recovery configurations, and ransomware resilience plans.
• Intellectual Property: Source codes, algorithms, and other intellectual properties developed by Zerto.
• Operational Data: Details about Zerto’s internal operations and IT infrastructure.

The malicious actor shared a Telegram channel in the post, likely used to disseminate further details about the attack and possibly coordinate further actions. The inclusion of an image related to the attack adds an additional layer of credibility to the claim.

Conclusion

The attack on Zerto serves as a severe warning to all companies operating in the cybersecurity and cloud computing sectors. The political motivation behind the attack adds a complex dimension to cybersecurity, requiring more sophisticated defense strategies and greater awareness of threats.

Pietro Melillo
Head of the Dark Lab group. A Computer Engineer specialised in Cyber Security with a deep passion for Hacking and technology, currently CISO of WURTH Italia, he was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio, as a Ph.D, author of scientific papers and development of tools to support cybersecurity activities. Leads the CTI Team "RHC DarkLab"