Israeli Domain Registrar Galcomm Data Allegedly Leaked

An attacker has reportedly published data allegedly belonging to Galcomm, a prominent Israeli domain registrar. Cyber News - Erez Dasa reports that this information appears to have been exfiltrated directly from Galcomm’s website. The full scope and sensitivity of the exposed data remain unclear, and there’s a possibility it could be outdated or recycled from previous incidents.

While the direct impact isn’t fully assessed, any data leak from a domain registrar is a significant concern. Such entities hold critical information including registrant details, technical contacts, and potentially even administrative credentials for domain management. Attackers could leverage this data for further phishing campaigns, domain hijacking attempts, or to map out an organization’s digital footprint for future attacks.

Defenders need to assume this data is now in circulation. Even if ‘old,’ it can still fuel social engineering or credential stuffing against users who haven’t rotated passwords. CISOs should be scrutinizing any new influx of phishing attempts targeting their organizations, particularly those seemingly tailored with domain-specific information.

What This Means For You

  • If your organization uses Galcomm for domain registration, or if your employees have registered domains through them, assume associated data is compromised. Mandate password rotations for any accounts linked to Galcomm and educate users on increased phishing risks. Review all domain-related logs for unusual activity.

🛡️ Detection Rules

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.

  • Galcomm Data Exfiltration - Web Server Access (critical; T1190, Initial Access)
