A threat actor has allegedly compromised Israel Railways, the state-owned company responsible for all passenger and freight rail transport in the country. In a recent post on a dark web forum, the actor claims to have obtained high-privilege system access and is now offering it for sale. Israel Railways is a critical component of the nation’s infrastructure, operating hundreds of stations and serving millions of passengers monthly, making any potential security breach a matter of significant public concern.
The threat actor attempted to substantiate their claims by posting samples of what appear to be internal system configurations. The evidence provided suggests a potential compromise centered on the service’s Application Programming Interfaces (APIs). The actor revealed several API keys and backend URLs associated with the railway’s services, hosted on domains such as israelrail[.]azurefd[.]net and rail[.]co[.]il. This information could allow an unauthorized party to retrieve or manipulate sensitive operational data.
The exposed information allegedly includes:
- API Keys for train services
- Internal API and timetable base URLs
- Train service configuration details, including user agents and timeouts