Iranian Group Claims 30TB Breach of Israeli Company IMCO Industries
An Iranian threat group is claiming a significant breach against IMCO Industries Ltd., an Israeli developer and manufacturer of electrical, electronic, mechanical, and electro-mechanical products. Cyber News - Erez Dasa reports that the group has published several documents as ostensible proof of the intrusion.
The attackers assert they possess 30TB of data, which they are offering for sale for $500,000. This isn't just a data dump; it's a monetized operation targeting critical infrastructure-adjacent companies. The sheer volume of data, if legitimate, suggests deep compromise.
This incident highlights the persistent, state-aligned targeting of Israeli industrial and defense sectors. The attacker's calculus is clear: inflict economic damage, sow distrust, and gain intelligence, all while profiting from the stolen assets. Defenders need to recognize the geopolitical drivers behind these attacks.
What This Means For You
- If your organization is in critical manufacturing, defense, or any sector with ties to Israeli industry, this is a direct warning. Review your supply chain exposure immediately. Assume you are a target and harden your networks, especially OT/IT convergence points. Validate all external-facing services and ensure robust data exfiltration detection is in place.
🛡️ Detection Rules
3 rules · 6 SIEM formats
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free; export to any SIEM format via the Intel Bot.