The Israeli newspaper Haaretz reported that the failed attack took place at the beginning of September and that all the companies involved were using Partner Communications, a major Israeli telecommunications company.
The incident was investigated by Mossad and the country's National Cyber Security Authority.
It quoted Tzahi Ganot, the co-founder of Pandora, a security firm which provides protection for workers in sensitive positions, as saying that the attackers appeared to have used the cellular networks of a foreign country to gain access to the executives' details.
“It’s a rare assault. The hackers send a message from a foreign cell network to an Israeli one, updating the client’s location. For example: ‘The client has just landed in Tbilisi, he has registered with our network. Please route his SMS messages via this network'," Ganot explained.
Very interesting.— Alon Gal (Under the Breach) (@UnderTheBreach) October 6, 2020
"Executives reportedly lost access to their Telegram and email clients, and consequently had their identities stolen, in the likely SMS spoofing incident that only appears to have hit users of the telecom giant known as Partner."https://t.co/tlzv21MnhH
"This is a necessary procedure for people entering a foreign country, whose cell phones are in ‘roaming’ mode.”
He explained that the attackers were likely to be from another country, and they had managed to hack into the cellular network of another country, and in this case that was likely the origin of the attack in Israel, if not additional ones in other countries..
Ganot's company was brought into the picture on 7 September by one of the executives, who contacted him after his phone was hacked and his Telegram account compromised.
The attackers had sent messages to his Telegram contacts, asking them to send cryptocurrency.
After Ganot posted news about this to his clients and also some digital currency groups, he received a flood of messages, all complaining of similar hacks.
Ganot, who formerly worked for the NSO Group, a firm that makes surveillance software, told Haaretz that the identity theft had been carried out by using SMS verification.
He said he had contacted Partner about the incident and claimed the telco had mishandled it from the start.
“Partner replied to our queries with ‘what does it have to do with us?’ ‘We don’t have a data security team,’ and ‘we have sales or customer service'," he said.
"One representative even suggested I join their anti-virus service for five shekels (A$2.06) a month."
He said he had then contacted Partner’s data security director Yaniv Sabag. “He asked for the victims’ details and phone numbers but afterward he asked that each one of them approach customer services separately and open a call, otherwise he wouldn’t be able to look into their cases," Ganot said.
"I can tell you that to this moment I haven’t been able to ‘open a call’ in Partner and I’m a business client of theirs - or, more accurately, I used to be one.
“Finally, Sabag said they were checking out the incident – but a few days later they cut off all communication, not only with us, but also with their hacked clients, and didn’t answer their queries.”
A Partner spokesperson told Haaretz: “There is no connection between this incident and Partner. Incidents like these can take place — especially during the coronavirus — to clients of other firms as well.”