Worldwide Hacktivists Take Sides Over Gaza, With Little to Show for It

Published: 23/11/2024   Category: security




Keyboard warriors are claiming to contribute to the Gaza war with OT attacks. You should be skeptical.



Against the backdrop of the war in Gaza, hacktivists across the globe are announcing industrial-grade cyberattacks in support of either Palestine or Israel, though little evidence backs up most of the stories.
In scouring online forums, researchers from SecurityScorecard have observed hackers from the Middle East, Asia, and Europe all asserting breaches of Israeli organizations or, sometimes, similar organizations in countries aligned with the Palestinian cause, such as Iran.
But in a closer inspection of Israel's industrial sector, the analysts were unable to find compelling evidence to support any such attacks.
"There's a lot of supposedly breached data circling around Telegram, for example," says Rob Ames, staff threat researcher at SecurityScorecard, "but most of that is either from old breaches, or it's publicly available information which would take a very broad definition of PII to actually seem to be as sensitive as the threat actors are claiming."
Beyond Israel's neighbors, hacktivist operations in Muslim-majority countries such as Indonesia and Malaysia have added to the online hubbub.
Some have claimed standard data breaches:
Others have gone a step further, posting human machine interface (HMI) visualizations to demonstrate access to industrial infrastructure sites:
Such cases have popped up around the world in the month since the first attack on Oct. 7. "Early on in the conflict, it was Russian or Russian-backed groups that were making the loudest claims with distributed denial-of-service (DDoS) attacks — KillNet, Anonymous Sudan — and I noticed Hamas channels reposting videos from Iraqi Shia groups," Ames recalls.
"And then on the pro-Israel side, we've seen Indian and Ukrainian activist groups start to go after targets like Iran," he adds.
For one case study, consider the so-called Soldiers of Solomon.
The religiously inspired threat actor has spoken of taking down an Israeli power station, stealing over 25TB of data from an IDF military installation, and disrupting production at a flour plant in Haifa.
Dark Reading has not been able to independently confirm any Soldiers of Solomon attacks, but some of them have been picked up by Western media outlets, including FalconFeeds and SecurityWeek.
Inspired by one purported compromise to water treatment — one of the most sensitive cyber sectors imaginable — SecurityScorecard recently analyzed 402,354 individual traffic flows to and from 36 Israeli IP addresses associated with the sector, during the period in which hackers, ƬΉΣ ᑕYBΣЯ ЩΛƬᑕΉΣЯƧ and STUCX TEAM, claimed victory.
Of those 400,000-plus flows, 5,670 involved IP addresses using virtual private networks (VPNs) and other proxy software, or the Tor Onion router, popular tools for malicious actors. Still, the researchers have noted, the traffic did not offer clear evidence of the claimed compromise.
To broaden the picture, the researchers scanned for Internet-exposed devices at the relevant plants, finding none that weren't at the very least protected by a firewall. They also scanned for logins using compromised credentials, finding only one case from a Gmail address which, they wrote, "may suggest that the credentials correspond to a customer account or provide access to an otherwise external-facing resource."
"This is why even though there have been plenty of claims, I haven't yet seen any of them that I would say are confirmed," Ames concludes.
Just in case one of these stories isn't an exaggeration, though, he recommends a number of protective steps critical organizations can take against hacktivist-level actors, including standard DDoS protections and firewalls that keep Internet users from breaching operational systems.
"That's something fairly basic that you want to do, because it puts one more barrier between threat actors and your SCADA systems or, even more broadly, your databases and remote desktops," he explains. "Because if our fairly noninvasive Internet scans can observe an ICS device then, definitely, other malicious scans are seeing the same things."
