Network Herald AMP

Israeli Firm Linked to 'Popa' Botnet — Shares Slide on Investigation

By David Chen

Security researchers have tied the notorious 'Popa' botnet to a publicly traded Israeli technology company, sending ripples through financial markets as investors reassess cybersecurity exposure across the sector. The disclosure, detailed in a joint report published this week, marks one of the first times investigators have formally connected a major botnet operation to a listed corporation.

What the Investigation Found

The Popa botnet, a network of compromised devices used to launch distributed denial-of-service attacks and distribute malware, has operated for more than three years, according to cybersecurity firm Symantec. Researchers traced command-and-control servers to infrastructure owned by the Israeli firm, which operates in the cloud services space and employs roughly 340 people across offices in Tel Aviv and Berlin. The company, which requested anonymity pending the legal review, declined to comment on the specific allegations.

Symantec's report identified at least 90,000 infected devices worldwide that formed the backbone of the botnet's firepower. The infected machines, mostly home routers and internet-of-things devices, generated enough traffic to knock mid-sized websites offline, the researchers said. Federal authorities in the United States have opened a parallel inquiry, according to people familiar with the matter who spoke on condition of anonymity because the investigation remains active.

Market Reaction and Investor Concerns

Shares of similar Israeli technology firms dipped on Thursday following the news, with the Tel Aviv Tech Index falling 1.8 percent in afternoon trading. Analysts said the episode highlighted an overlooked risk: that publicly listed companies could become inadvertent hosts for criminal infrastructure, whether through negligence or complicity.

Cyber intelligence firm Intel 471 issued a client alert warning that the incident could trigger closer scrutiny of how Israeli tech firms manage server infrastructure. The alert noted that several companies in the sector operate with minimal oversight of third-party data centres, a practice that creates blind spots for security teams. Investors in initial public offerings should demand more rigorous disclosures, the firm said.

Regulatory Pressure Mounting

The Israeli Ministry of Justice confirmed that its cybercrime unit is reviewing the Symantec findings. A spokesperson told reporters the ministry is coordinating with international counterparts and expects to release a formal statement within the coming weeks. If investigators determine the company knowingly facilitated the botnet, the consequences could include criminal charges, regulatory fines, and forced delisting from the Tel Aviv Stock Exchange.

Several shareholder advocacy groups have already called for emergency board meetings. Proxy advisory firm ISS recommended that investors demand independent audits of the company's cybersecurity governance at the next annual meeting, scheduled for March. The firm's market capitalisation stood at $620 million before the allegations surfaced.

Broader Implications for the Sector

The Popa botnet case arrives as Israeli cybersecurity firms are expanding aggressively into global markets. Israel ranks third worldwide for cybersecurity exports, trailing only the United States and the United Kingdom, according to trade data from the Israel Export Institute. That reputation now faces a test, industry observers said.

Startup Nation Central, a Tel Aviv-based research organisation, warned that association with criminal infrastructure could deter enterprise clients and government contracts. Several European Union agencies are reviewing their vendor approval processes in light of the findings, according to a document seen by this publication. The reviews could delay pending procurement deals worth an estimated $140 million, the document indicated.

What Comes Next

The company's board has hired external legal counsel and an independent cybersecurity firm to conduct its own audit. Results are expected within 45 days, according to a filing with the Tel Aviv Stock Exchange. If the audit confirms employee involvement or wilful ignorance, executives face potential personal liability under Israeli law.

For investors, the episode serves as a reminder that cybersecurity due diligence cannot stop at penetration testing. Analysts at Goldman Sachs published a note Friday urging portfolio managers to factor infrastructure oversight into their valuation models for cloud and hosting companies. The note estimated that roughly 12 percent of mid-cap tech firms globally operate without comprehensive third-party monitoring agreements.

Regulators in Washington are also monitoring the situation. The Securities and Exchange Commission declined to confirm whether it has opened a formal inquiry, but a spokesperson indicated that publicly traded companies are expected to disclose material cybersecurity incidents promptly. The next reporting deadline for the Israeli firm falls in April, when it must file its quarterly earnings and address shareholder questions directly.
