


CURRENT NEWS
OPERATION PALESTINE STORM 2023 NEWS
26/10/2023 THURSDAY
UPDATE
Bank Negara Malaysia's Financial Sector Cyber Threat Intelligence Team has issued a threat alert about pro-Israel hackers targeting financial institutions in Malaysia, following attacks by the hacker group Dragon Force Malaysia through Operation Al Aqsa Storm (Operasi Badai Al Aqsa)
10/2023
Israel-Palestine Conflict and Looming Threat on Critical Infra
Fallacies & Propaganda Shaping Perceptions
The Israel-Palestine tensions have flared once again in 2023, escalating into a full-scale armed conflict between the two states. Israel and Palestine have been at loggerheads since the early 20th century, with major escalations since 2008. Studies indicate that so far, the 2014 conflict witnessed unprecedented carnage between the estranged neighbors, but analysis of the conflict of 2023 raises worries of an even higher casualty count than before.
The war zone in Gaza has also attracted a lot of reprisal attacks from Hacktivists and Threat Actors (TAs), as was expected considering the trend observed since 2012. Further, cyberattacks are often complementary tactics in the context of modern warfare, a trend witnessed even before the outset of the Russia-Ukraine conflict in early 2022.
Cyble Research & Intelligence Labs (CRIL) has been curating specific intel amidst the fog of cyber-attacks by hacktivists and different threat actors to capture peculiar developments in the cyber theatre. We have observed several hacktivists and threat actors employing different malicious techniques to exploit the weaknesses in vital infrastructures and disrupt their functioning.
Attacks on critical infrastructure have traditionally been a key attack vector adopted by state-backed actors and ransomware groups. However, the dynamics of the Russia-Ukraine and Israel-Palestine conflicts have brought even Hacktivist groups into this threat scope, increasing the worries of nations and of the businesses that contribute to critical infrastructure.
This threat scenario raises concerns about how technological advancements, ideological differences, and deleterious zeal have enabled Hacktivists to take a leap from cyber activism to cyber terrorism.
Cyber Av3ngers
The hacktivist group ‘Cyber Av3ngers’ has historically claimed attacks on Israel’s critical infrastructures. Possibly with Iranian origins, the hacktivist group has been launching DDoS attacks and claiming breaches of Israeli networks with supporting data leaks.
The group carried out multiple attacks on Israeli critical infrastructures from September 13 to September 17, 2023, then ceased its operations and resumed its activities from September 30, with certain remarks indicating that the group had allegedly carried out reconnaissance on certain Israeli network infrastructures. On October 5, it announced the time of the attack as October 6, 6 PM (GMT+3), i.e. 6 PM in Israel. The hacktivist group launched their attacks on October 6, some 12 hours before Hamas launched rockets on Israel at about 6 AM IDT.

October 6, 2023
The group claimed to have targeted Noga Company and claimed responsibility for power outages. The hacktivist group claims to have been behind power outages in certain areas of Israel since 2020 and has shared multiple news articles about the same.
Further, the group posted screenshots indicating a DDoS attack on Noga Company, along with images of RSLogix 500 Pro, which is used to design and implement ladder logic programs for Programmable Logic Controllers (PLCs). However, none of the screenshots of PLC systems indicate an attack on Noga.

October 10, 2023
The group claimed to have hacked MEKOROT National Water Company. The group shared a video as proof, showcasing their access to MEKOROT Water Company CCTV. On the same day, the group shared a screenshot of a script that fetched Industrial Control System devices such as Programmable Logic Controllers, SCADA software, Hikvision cameras, etc., as shown below.


The IP shown in the screenshot indicates the RDP port (figure); Cyble’s proprietary attack surface discovery tool ODIN shows that the IP has an RDP port exposed to the internet, as shown in the figure below.

Moreover, it’s noteworthy that the Government of Israel subsequently released an alert on “Remote access, management and control interfaces exposed to the Internet”.
October 14, 2023
The group claimed to have hacked ORPAK Systems, a Fuel Fleet and Retail Management Solutions company in Israel. The screenshot of the claim indicates that the group compromised “SiteOmat,” a forecourt controller software developed by Orpak Systems. As shown in Figure 1, the group further shared leaked data on one of the prominent cybercrime forums.


October 17, 2023

Haghjoyan
A newly emerged hacktivist group named ‘Haghjoyan’, or the Peace Seekers as they claim, whose profile photo is similar to that of the Iranian Justice System, initiated its activities on a Telegram channel on October 7.

AnonGhost
The hacktivist group AnonGhost Official claimed to have hacked the Red Alert National Emergency phone application on October 8, 2023, and claimed to have generated multiple false alerts to the application's users. They falsely alerted users to a nuclear bomb threat and claimed to have targeted about 10k to 20k users to cause panic amongst the public.
Further, the hacktivist group also shared a Proof of Concept (PoC) to exploit the Red Alert system to target the users’ phones. They claimed that the exploit would disconnect the users’ mobiles from the internet and ultimately render them useless.
The hacktivist group has claimed to have targeted the emergency system several times since then.

Conclusion
The collaboration of various hacktivist groups in launching attacks on critical infrastructure assets is a great concern for private and public entities. However, the claims made by these groups remain questionable, with growing misinformation/disinformation campaigns launched by foreign entities and inadequate proof shared by these groups.
Organizations and individuals must remain vigilant and skeptical of the information shared by these groups. While some of their actions may be justified in their perspective and ideological inclinations, it is important to verify the authenticity of their claims and the impact of their attacks. The consequences of these attacks can be far-reaching, affecting the targeted entities and the general public.
SOURCE: CRIL WEBSITE