Hacktivist Group GhostSec Attack Israel

A hacking group called GhostSec has claimed that they breached the network at Berghof, an Israeli company specialising in municipal industrial applications and operating technology, including filtration & separation which uses Programmable Logic Control devices (PLCs). 

In the message it published on social media, GhostSec attached a video demonstrating a successful log-in to the Berghof's PLC admin panel, together with an image of a screen showing its current operating status and a second image showing that at least one PLC had stopped.

Industrial cyber security firm OTORIO has analysed the incident and reports that the breach was made possible because the PLCs were accessible through the Internet and were secured by weak and guessable password and access credentials. OTORIO said the system dumps and screenshots were exported directly from the admin panel following unauthorised access to the controllers through their public IP addresses.

Details of the compromise first came to light after GhostSec shared a video on its Telegram channel demonstrating a successful login to the Berghof admin panel, in addition to dumping data from the hacked controllers.

The attacks against Israeli targets, dubbed "#OpIsrael," is said to have commenced on June 28, 2022, citing "continuous attacks from Israel towards Palestinians."  In the intervening period, GhostSec has carried out a number of attacks, including those aimed at internet-exposed interfaces belonging to telecoms firm Bezeq and a MATAM  electrical power meter. 

OTORIO:    GhostSec:     HackerNews:     Cyebresecuiity-Help:    Industrial Cyber

You Might Also Read: 

Hackers Fail To Contaminate Florida Water:

 

« US Defence Needs New Software at the Centre of its Operations
Check Point Launches Horizon Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

ON-DEMAND WEBINAR: Future-proof your security with Secure Access Service Edge (SASE)

Watch this webinar to explore the Security orchestration, automation, and response (SOAR) paradigm, its relationship with organization IT practices, and its role in your security strategy.

E-core

E-core

e-Core offers the highest quality standards in offsite software development, quality assurance, and application support services

E-Tech Computing

E-Tech Computing

E-Tech has been providing system support and information technology consulting services including Internet and Network Security assessments.

Landry Consulting

Landry Consulting

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

IASME Consortium

IASME Consortium

IASME is one of five companies appointed as Accreditation Bodies for assessing and certifying against the UK Government's Cyber Essentials Scheme.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

World Privacy Forum (WPF)

World Privacy Forum (WPF)

The World Privacy Forum is a non-profit public interest research group that focuses on privacy and technology issues.

Cyber8Lab

Cyber8Lab

Cyber8Lab provides cybersecurity training programmes simulating real world cybersecurity incidents such as web defacement, malware, phishing, digital forensics analysis and wireless intrusion.

Cyverse

Cyverse

Cyverse is a cyber-security firm which provides corporations with state-of-the-art cyber-security service-based and technological solutions made in Israel.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Enigmatos

Enigmatos

Enigmatos is an Israeli based Automotive Cyber Security company. We provide solutions to the ever growing threat of vehicle hacking.

NFIR

NFIR

NFIR is a specialist in the field of cyber security incident response and digital forensics.

ABS Group

ABS Group

ABS Group provides risk and reliability solutions and technical services that help clients confirm the safety, integrity and security of critical assets and operations.

CloudVector

CloudVector

CloudVector's API Detection & Response platform is the only API Threat Protection solution that goes beyond the gateway to provide Shadow API Prevention and Deep API Risk Monitoring and Remediation.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.