In recent years, the world has witnessed an alarming increase in nation-state-sponsored cyber-attacks. These attacks are becoming more sophisticated and are posing a significant threat to global security.

The effect of this threat is not often conspicuous in the consumer space, but it does great damage to a country and directly or indirectly affects its population.

In the wake of the recent Israel-Palestine conflict, we have noticed some noteworthy activity across different threat actors and hacktivists. There is a degree of sophistication and craftsmanship in all the attacks we observe, which are highly motivated by the biases of the conflict.

As reported by Security Affairs in early October, the theme among hacktivists seems to be taking control of SCADA and ICS systems, which directly impacts the social security of the general public.

SCADA (Supervisory Control and Data Acquisition) and ICS (Industrial Control Systems) are two terms that are often used interchangeably, but they have distinct meanings.

SCADA is a specific type of ICS that is used to monitor and control large-scale industrial processes, such as power grids, oil and gas pipelines, and water treatment plants.

SCADA systems typically consist of a central control center, remote terminal units (RTUs), and sensors. RTUs collect data from sensors and send it to the control center, where operators can monitor the process and make adjustments as needed.

Reportedly, Garuna and TeamHDP supported Israel and targeted Hamas websites and the Islamic University of Gaza. Similarly, ThreatSec, a pro-Israeli group, claimed to have compromised the infrastructure of Gaza-based ISP AlfaNet.

Though ThreatSec hasn’t claimed any allegiance to Israel, it boasts about attacking both sides alike.

“As you might know, we don’t like Israel, but… We also don’t like War! Soooo, as we have attacked Israel in the past, we now attack the Gaza region, where many of the Hamas fighters are located!” the gang wrote on Telegram, claiming that it had shut down nearly every server owned by Alfanet.ps – including Quintiez Alfa General Trading, which is one of the biggest ISPs (internet service providers) in the Gaza Strip.

ThreatSec is part of the “Five Families” – notorious and highly organised gangs (the others are GhostSec, Stormous, Blackforums, and SiegedSec) that collaborate on launching big cyberattacks.

Mantas Sasnauskas, head of the Cybernews research team, highlighted that many hacktivists go after various ICSs in an attempt to disrupt critical infrastructure and draw international attention.

Since a cyberattack on critical infrastructure can have serious repercussions, including operational disruptions, safety hazards, economic costs, and reputational damage, cybersecurity should be a top priority in the organisations that administer them.

Unfortunately, that’s not always the case. An analysis by the Cybernews research team reveals that many ICSs are exposed, and threat actors can easily take advantage of sloppy security practices.

There have been retaliatory attacks from Hamas as well, such as “Anonymous Sudan” targeting Israel’s emergency warning systems and The Jerusalem Post shortly after the conflict began. Another pro-Hamas group, “Cyber Av3ngers”, targeted Israel’s power grid organisation Noga and the Israel Electric Corporation.

We have seen the pro-Russian group Killnet taking sides with the Palestinian cause and attacking several government websites. There was a call for support from “Ghosts of Palestine” to attack infrastructure in Israel and the USA.

From Libya, a group called “Libyan Ghosts” defaced small Israeli websites in support of Hamas.

A recent report published in Dark Reading describes how TA402, a pro-Palestinian cyber espionage group focused on compromising government targets in the Middle East, has improved its attack tools with a sophisticated initial access downloader.

TA402, also known as Molerats and Frankenstein, which has been active for more than a decade, rolled out a new sophisticated tool named IronWind, which it used in three campaigns aimed at compromising systems within government agencies throughout the Middle East and Northern Africa, security firm Proofpoint stated in an analysis published on 14 Nov.

Nation-state cyberwarfare is a growing threat to global security. These attacks are becoming more sophisticated and are posing a significant risk to critical infrastructure, sensitive information, and international relations.

It is important for countries to take steps to protect themselves from cyberattacks, and to cooperate on a global level to address this threat. While we are aware of the conflict and the diplomatic tussles, there is a war being carried out in cyberspace which is as lethal as boots on the ground.

Hacktivists in Palestine and Israel after SCADA and other industrial control systems

References:

https://cyware.com/news/multiple-cybercrime-groups-join-in-on-the-israel-hamas-conflict-61b95ebc

https://www.darkreading.com/dr-global/molerats-group-wields-custom-cyber-tool-to-steal-secrets-in-middle-east

https://www.proofpoint.com/us/blog/threat-insight/ta402-uses-complex-ironwind-infection-chains-target-middle-east-based-government