COBALT SHADOW
SUMMARY
Since late 2020, COBALT SHADOW has conducted multiple high-profile hack-and-leak attacks against companies in Israel, involving the distribution of personal information. These attacks appear designed to cause political embarrassment by harassing businesses and individuals in Israel, creating a climate of fear and intimidation. The group targets a smaller number of victims but maximises the publicity gained from leaking sensitive information, including medical data. COBALT SHADOW is reported to have engaged in negotiations for extortion payments but frequently increases its demands and publicises the negotiations, likely a tactic to draw out the impact and visibility of its attacks.
COBALT SHADOW uses its custom malware, Apostle, to wipe data and perform ransomware-style attacks. The group maintains a leak site and has attempted to use multiple personas to offer data for sale in cybercrime forums.