Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine

As the conflict escalates on the ground, hacktivists are gearing up for cyberwar.

Amidst the escalating conflict between Palestine and Israel, both pro-Palestinian and pro-Israeli hacktivists are targeting critical Industrial Control Systems (ICS) that are vulnerable.

Several cybersecurity firms have reported that pro-Israeli and pro-Palestinian hacktivists are eyeing industrial control systems (ICS) amidst the growing tension between the two countries. ICSs could be a target of interest because hundreds of these systems are still vulnerable to exploitation.

Waqas Ahmed, the founder and editor of Hackread.com, noted that hacktivists typically resort to DDoS attacks or small-scale data leaks, especially during unfortunate escalations in the conflict between Palestine and Israel. However, in this case, they have escalated their activities to a higher level. An example of this escalation is AnonGhost, who hacked the Israeli rocket alert app Red Alert to send thousands of fake nuclear bomb alerts to Israeli smartphones.

AnonGhost posting their claims on Telegram (Screenshot: Telegram – Hackread.com)

Many hacktivists are looking to disrupt critical infrastructure and claim headlines because a cyberattack on critical infrastructure can cause severe economic, safety, operational, and reputational damage. Many ICSs, which are computerized systems installed to monitor/manage mechanical processes in different industries, remain exposed to such threats. 

In a report, CyberNews revealed that several Israeli organizations have exposed the SCADA communications protocol called Modbus. Around 400 exposed systems were identified along with 150 open Message Queuing Telemetry Transport (MQTT) ports. These ports manage communications between SCADA and MES (manufacturing execution system).

What’s worth noting is that this is not just in Israel, many Palestinian firms also have exposed MODBUS and MQTT, and in addition to that, have exposed Siemens automation and Symantec systems. Therefore, it isn’t surprising that threat actors are aiming to target them.

According to Microsoft, a Gaza-based threat actor Storm-1133, has started targeting Israeli private-sector, telecom, and defense organizations. This group is affiliated with Hamas, which controls the Gaza Strip. This means the fight has already started in the cyber realm.

Microsoft’s annual Digital Defense Report reveals that Storm-1133 uses different social engineering techniques and fake LinkedIn profiles to lure employees to Israeli organizations. They send phishing emails, deliver malware, conduct espionage, and even infiltrate third-party organizations having public ties to achieve their objectives. After the group gains access to its target organization, it deploys backdoors. It avoids detection by regularly updating its C2 infrastructure.

There are reports that the Israeli government and media outlets have also become targets of hacktivists. A multitude of attacks, mostly DDoS, are observed targeting Israeli organizations/entities. However, not all threat actors have claimed allegiance with any of the two parties involved. Such as ThreatSec intends to target both sides simultaneously.

“As you might know, we don’t like Israel, but… We also don’t like War! Soooo, as we have attacked Israel in the past, we now attack the Gaza region, where many of the Hamas fighters are located!” the group wrote on Telegram and claimed to own every server of Alfanet.ps, including Gaza strip’s biggest ISP Quintiez Alfa.

For your information, ThreatSec is one of the five families of the world’s most well-organized groups. The others include GhostSec, Stormous, SiegedSec, and Blackforums. Many other groups are actively targeting Israeli and Palestinian organizations.

Hacktivists Trageting Critical ICS Infrastructure in Israel and Palestine
In the ongoing conflicts, The Archivists Domain and ThreatSec have targeted Palestinian infrastructure, with The Siegedsec supporting the Palestinian side. Additionally, the Gonjeshke Darande group has been targeting Iran. (Screenshots: Hackread.com)

On Sunday, the website gov.il became inaccessible worldwide, and the Russian Killnet group took responsibility for the attack on Telegram. Killnet later stated that they won’t target ordinary Israeli citizens as they are after the regime that “sold itself to NATO.”

“The atrocities that Hamas or Israel commit against civilians are terrible! We exclude the possibility of attacking the critical infrastructure of both sides!” the gang noted on Telegram.

Microsoft’s researchers noted that nation-state threat actors are more interested in long-term espionage campaigns. Israel, the US, Ukraine, and South Korea are some of the most regularly targeted nations in the MENA and Asia-Pacific regions.

  1. Israel’s Channel 10 TV Station Hacked by Hamas
  2. Israeli Oil Refinery Giant BAZAN Hit by Fresh Wave of Cyber Attacks
  3. Hackers interrupt Eurovision webcast in Israel with missile attack alert
  4. Hamas hackers posed as women to con IDF into downloading malware
  5. Israel Faces Fresh Wave of Cyberattacks Targeting Critical Infrastructure
Related Posts