A cybersecurity incident has shaken Israel’s transportation sector after the hacker group Cyber Toufan Operations allegedly infiltrated Safe Transportation, a company specializing in logistics and vehicle software solutions.
According to an alert issued by FalconFeeds.io, a threat intelligence platform currently investigating the breach, the attackers exfiltrated over 2,000 customer documents containing personal identity data, internal communications, financial records, and proprietary software.
The breach underscores escalating cyber threats against critical infrastructure providers in the transportation industry, particularly in geopolitically sensitive regions like Israel.
Scope of the Breach and Compromised Assets
The attackers reportedly accessed a trove of sensitive information, including personally identifiable information (PII) such as government-issued IDs, residential addresses, and personal photographs of customers and employees.
Internal company messages—spanning project discussions, operational protocols, and customer service interactions—were also leaked, potentially exposing proprietary business strategies.
Of particular concern is the theft of financial transaction records, which include receipts, contracts, and payment histories tied to Safe Transportation’s clientele.
Such data could enable follow-on attacks like invoice fraud or targeted phishing campaigns against affected individuals.
The breach extended to the company’s intellectual property, with Cyber Toufan Operations claiming access to “ZivCar,” a software solution sold by Safe Transportation for fleet management and vehicle diagnostics.
The theft of this software raises alarms about potential reverse-engineering efforts to identify vulnerabilities or replicate functionality for malicious purposes.
Security analysts speculate that the attackers may have exploited unpatched vulnerabilities in Safe Transportation’s network, a common vector in supply chain attacks targeting software providers.
Cyber Toufan Operations: Motivations and Modus Operandi
While the group’s exact affiliation remains unconfirmed, its name—Arabic for “storm”—suggests ideological motivations aligned with regional tensions.
Cybersecurity firm Cyberint noted a surge in attacks on Israeli critical infrastructure by hacktivist groups in 2025, including the Handala Hack collective’s breaches of police and government systems.
Cyber Toufan’s focus on exfiltrating both customer data and proprietary software mirrors tactics employed by ransomware groups like LockBit 3.0 and RansomHub, which monetize stolen data through extortion or dark web sales.
However, the absence of a ransom demand in this case points to potential state-sponsored activity aimed at corporate espionage or destabilization.
Implications for the Transportation Sector
The Safe Transportation breach highlights systemic vulnerabilities in the transportation and logistics industry, which has faced 14 major cyberattacks since 2024, including ransomware incidents at DP World Australia and the Port of Seattle.
Such attacks often exploit outdated operational technology (OT) systems and insufficient segmentation between corporate IT networks and critical infrastructure.
The compromise of “ZivCar” software also illustrates risks inherent in third-party software dependencies, where a single vulnerability can cascade across multiple clients.
For affected customers, the exposure of PII and financial records heightens risks of identity theft and social engineering. Security experts recommend vigilant monitoring of financial accounts and enabling multi-factor authentication (MFA) on all online services.
Organizations relying on Safe Transportation’s software are advised to conduct immediate security audits and isolate legacy systems that interact with ZivCar.
Response and Mitigation Efforts
As of February 24, 2025, Safe Transportation has not publicly acknowledged the breach, a delay criticized by cybersecurity professionals.
FalconFeeds.io confirmed the authenticity of the leaked sample data but cautioned against interacting with posts from its recently compromised X account.
The Israeli National Cyber Directorate (INCD) is likely coordinating with international agencies, given the cross-border implications of stolen customer data and software.
Darktrace analysts emphasize the need for behavioral-based threat detection in transportation networks, as traditional signature-based tools often fail to flag novel attack patterns.
Meanwhile, SafeBreach researchers stress the importance of adversarial simulation to identify vulnerabilities in payment and logistics systems before attackers do.
The Cyber Toufan Operations breach serves as a stark reminder of the interconnected risks facing the transportation sector.
As geopolitical tensions fuel cyber aggression, companies must prioritize zero-trust architectures, real-time threat intelligence, and robust software supply chain controls.
For Safe Transportation, the path to recovery will require transparent communication with stakeholders, rigorous forensic analysis, and a commitment to securing the “ZivCar” ecosystem against future exploitation.
Also Read:
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=The attackers exfiltrated over 2,000 customer documents containing personal identity data, internal communications, and financial records.){kind=link}