Cyber Incident Victim: Portnox

Date: Dec 2020

Location: Israel

Summary

Iran-linked hackers breached an Israeli cybersecurity firm, exfiltrating several terabytes of data and publishing a limited subset of sensitive documents, including confidential reports detailing vulnerabilities at major defense and infrastructure organizations. The attackers, associated with ransomware operations demanding Bitcoin payments, previously targeted other high-profile Israeli entities as part of a broader campaign to escalate psychological pressure amid ongoing cyber hostilities between the two nations. Security researchers attributed the intrusions to Iranian information warfare efforts aimed at undermining confidence in critical sectors.

Description

On December 25, 2020, the Iran-linked hacking group Pay2Key publicly claimed responsibility for breaching Israeli cybersecurity firm Portnox. This announcement followed their recent compromise of Israel Aerospace Industries, continuing a pattern of cyberattacks against Israeli entities. The group released documents pertaining to several prominent Israeli organizations utilizing Portnox's services, including telecommunications provider Bezeq, defense contractor Elbit, airline El Al, and healthcare organization Clalit. Among the leaked materials was a confidential 15-page report from 2018 detailing security vulnerabilities at Elbit, a major defense company. Portnox acknowledged the breach was under investigation while disputing the scale of data exposure, confirming attackers had seized multiple terabytes of information but asserting only 3 gigabytes had been published publicly. The incident occurred amid heightened cyber hostilities between Israel and Iran, with multiple Israeli companies targeted throughout late 2020.

Security firm Check Point had previously issued warnings about Pay2Key in November 2020 following their ransomware campaigns against Israeli businesses. The group typically deployed ransomware demanding Bitcoin payments, though the Portnox breach's financial motives remained unclear. Cybersecurity analysts at ClearSky attributed Pay2Key's activities to Iranian state-sponsored information warfare operations designed to sow psychological disruption in Israel. The Portnox intrusion formed part of a broader offensive that included attacks on logistics firms and critical infrastructure providers. These cyber operations aligned with escalating geopolitical tensions, including reciprocal cyberattacks targeting Iranian-linked entities earlier in 2020. No further details regarding Portnox's internal investigation findings, specific remediation measures, or long-term operational impacts on affected organizations were disclosed in available reporting.
