GhostSec hacktivist group attacked PLCs in Israel

September 15, 2022
GhostSec Hacktivist Hacker Group Cyberattack PLCs Israel

The GhostSec hacktivist group claimed that they had compromised over 50 Berghof programmable logic controllers (PLCs) used by Israeli entities as part of the “Free Palestine” campaign.

A cybersecurity organisation has further examined the hacktivist group’s attack and stated that the breach was executed after the PLCs were accessible via the Internet. Moreover, the PLCs were poorly secured since the credentials were very guessable.

The information regarding the attack first occurred earlier this month after the hacktivist group shared a video on its Telegram account demonstrating a successful breach of the PLC’s administrative panel. Additionally, dumped data were also seen from the hacked controllers.

The company in Israel stated that the screenshots and system dumps were exported directly from the administrative panel after unauthorised access to the controllers happened through the country’s public IP addresses.

 

The GhostSec hacktivist group is also known as Ghost Security.

 

The GhostSec hacktivist group was first identified by experts nearly a decade ago. The collective is a self-proclaimed vigilante group that hackers formed to target the ISIS group’s website that teaches Islamic extremism.

Earlier this year, the group supported Ukraine after the Russian government declared its intentions against the targeted territory. Furthermore, the group has also participated in a campaign targeting Israeli enterprises and organisations.

Cybersecurity researchers named the coordinated attacks against Israeli entities #OpIsrael. This movement commenced in June after Israel continued to attack Palestinians.

In the intervening time, GhostSec has operated numerous attacks, such as those aimed at the internet-exposed interfaces owned by Bezeq International and an ELNET power meter based at the Scientific Industries Center in Matam.

The attack against the Berghof PLCs is part of the threat actor’s transition to target the ICS or SCADA domain. However, it seems to be a case where the hacktivist group exploited easily overlooked misconfigurations of industrial systems to execute their attacks.

As of now, the GhostSec hacktivist group has continued to publish more screenshots that claim to have acquired access to another control panel that they can utilise to alter pH and chlorine levels in the water supply of Israel.

However, the group clarified that they have no intention to alter the waters in Israel since they do not want to inflict damage on innocent lives.

About the author

Leave a Reply