Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems

Published: 23/11/2024   Category: security


The hacktivists known as SiegedSec identify ICS targets, but there's no evidence of attacks yet.



The hacktivist group SiegedSec has claimed responsibility for a series of attacks against Israeli infrastructure and industrial control systems (ICS), but there is no indication that the listed IP addresses have experienced any attacks.
The hacking group put together a list of what it claims are its Israeli ICS targets, which was recently uncovered by SecurityScorecard's Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team. An image of the list, found via analysis of various dark Web groups, shows a series of IP addresses with the claim "we have unleashed mass attacks on Israeli infrastructure."
According to a new report from STRIKE, SiegedSec claims it conducted a series of denial of service (DoS) attacks against a number of ICS devices and other Israeli infrastructure with the support of the pro-Iranian hacktivist group Anonymous Sudan. The purported targets included: global navigational satellite system receivers, building automation and control networks, and Modbus ICS, a communication protocol for communication between industrial electronic devices.
However, a sample of NetFlow data seen by SecurityScorecard does not indicate that the listed IP addresses had experienced volumes of traffic consistent with a DoS attack.
"In the absence of reported disruptions to Israeli infrastructure, the available NetFlow sample appears to support assessments that SiegedSec's attacks were either unsuccessful or have not yet begun in earnest," the report said.
Other researchers' assessments also determined that these attempts were likely to have been unsuccessful, and that conducting a DoS against these targets may be outside the attackers' capability.
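The kind of volume check the NetFlow finding implies can be illustrated as follows. This is an added example, not SecurityScorecard's method or code: the flow records, the documentation-range addresses, the target list and both thresholds are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from statistics import median

# Constructed sample: per-minute flow summaries toward claimed targets.
# Addresses are RFC 5737 documentation ranges, not values from the report.
FLOW_CSV = """minute,src,dst,dst_port,packets
0,198.51.100.7,192.0.2.10,502,40
1,198.51.100.7,192.0.2.10,502,38
2,198.51.100.9,192.0.2.10,502,45
3,198.51.100.7,192.0.2.10,502,41
0,198.51.100.7,192.0.2.20,47808,30
1,198.51.100.7,192.0.2.20,47808,28
2,203.0.113.5,192.0.2.20,47808,90000
2,203.0.113.6,192.0.2.20,47808,85000
3,198.51.100.7,192.0.2.20,47808,31
4,198.51.100.7,192.0.2.20,47808,29
"""

CLAIMED_TARGETS = {"192.0.2.10", "192.0.2.20", "192.0.2.30"}  # constructed list
SPIKE_FACTOR = 20        # assumption: peak minute must exceed 20x the median minute
MIN_PEAK_PKTS = 10_000   # assumption: absolute floor so quiet hosts are not flagged


def triage(flow_csv, targets, factor=SPIKE_FACTOR, floor=MIN_PEAK_PKTS):
    """Return {target: verdict} from per-minute inbound packet totals."""
    per_minute = {t: defaultdict(int) for t in targets}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["dst"] in per_minute:  # ignore flows not aimed at a claimed target
            per_minute[row["dst"]][int(row["minute"])] += int(row["packets"])
    verdicts = {}
    for t in sorted(targets):
        totals = list(per_minute[t].values())
        if not totals:
            verdicts[t] = "no-data"  # no flows in the sample: no evidence either way
            continue
        peak, baseline = max(totals), median(totals)
        spike = peak >= floor and peak >= factor * baseline
        verdicts[t] = "dos-like" if spike else "normal"
    return verdicts


if __name__ == "__main__":
    print(triage(FLOW_CSV, CLAIMED_TARGETS))
```

A "normal" verdict for every claimed target corresponds to the situation the report describes; a sampled flow export can still miss short bursts, so the result supports an assessment rather than proving one.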
That said, rather than just being a list of targets SiegedSec planned to hit, Robert Ames, staff threat researcher at SecurityScorecard, says the document could be a call to action to other attackers who could potentially take advantage of the target identification.
He says: "This seems particularly likely given they also mentioned collaborating with Anonymous Sudan in the same post where they listed their targets. Groups like Anonymous Sudan and KillNet have, in the past, used their Telegram channels to name specific targets in hopes of enlisting further support from their channels' followers."
Ames adds, "SiegedSec is, in certain respects, comparable to Anonymous Sudan: Neither appears to possess the same sophistication or capabilities as a nation-state-backed advanced persistent threat group, but both appear to be motivated by publicity."
The SiegedSec group appeared shortly after the Russian invasion of Ukraine in 2022, and has conducted a series of attacks around that conflict, including an alleged data theft on the NATO Communities of Interest Cooperation Portal in July, followed by a second attack on multiple NATO portals earlier this month.
The group was also reportedly behind the attack on Atlassian in February, where a third-party app was breached, compromising employee data and floor plans of Atlassian offices located in San Francisco and Sydney, Australia.
To avoid compromise from this or any other attacker, SecurityScorecard recommended that organizations review the business necessity of exposing ICS devices to the wider Internet and place them behind a VPN or firewall when possible. Also, organizations should consider restricting access to ICS devices by adding dependent IPs to an allow list.
The firm also recommended blocking the listed IPs in SecurityScorecard's KillNet Bot Blocklist, putting in DDoS mitigations, and configuring DNS resolvers and proxy servers to only accept requests from internal IP addresses and authorized users.
At the start of last week, the US National Security Agency's director of cybersecurity Rob Joyce said US intelligence had not observed evidence indicating there had been any significant cyberattacks so far in the Israeli-Hamas conflict.
Yet a number of claims of attacks were made at the start of last week, with Anonymous Sudan naming the Israeli government in online discussions as a main target, and the AnonGhost hacktivist group said it had managed to breach the RedAlert airstrike warning app to send messages.
Also, information operations entered the discussion last week when pro-Iranian and pro-Chinese groups were detected as being involved in anti-Israel propaganda campaigns.
