Hacktivist Group GhostSec Attack Israel

A hacking group called GhostSec has claimed that they breached the network at Berghof, an Israeli company specialising in municipal industrial applications and operating technology, including filtration & separation which uses Programmable Logic Control devices (PLCs). 

In the message it published on social media, GhostSec attached a video demonstrating a successful log-in to the Berghof's PLC admin panel, together with an image of a screen showing its current operating status and a second image showing that at least one PLC had stopped.

Industrial cyber security firm OTORIO has analysed the incident and reports that the breach was made possible because the PLCs were accessible through the Internet and were secured by weak and guessable password and access credentials. OTORIO said the system dumps and screenshots were exported directly from the admin panel following unauthorised access to the controllers through their public IP addresses.

Details of the compromise first came to light after GhostSec shared a video on its Telegram channel demonstrating a successful login to the Berghof admin panel, in addition to dumping data from the hacked controllers.

The attacks against Israeli targets, dubbed "#OpIsrael," is said to have commenced on June 28, 2022, citing "continuous attacks from Israel towards Palestinians."  In the intervening period, GhostSec has carried out a number of attacks, including those aimed at internet-exposed interfaces belonging to telecoms firm Bezeq and a MATAM  electrical power meter. 

OTORIO:    GhostSec:     HackerNews:     Cyebresecuiity-Help:    Industrial Cyber

You Might Also Read: 

Hackers Fail To Contaminate Florida Water:

 

« US Defence Needs New Software at the Centre of its Operations
Check Point Launches Horizon Security »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perforce Software

Perforce Software

Perforce helps companies build complex software products more collaboratively, securely, and efficiently.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Zymr

Zymr

Zymr specialize in cloud computing solutions including Cloud Security, Cloud Mobility, Cloud Apps, Cloud Infrastructure and Cloud Orchestration.

Blue Lights Digital

Blue Lights Digital

Blue Lights Digital have developed a range of platforms to support digital investigations, as well as providing continued support and education for investigations professionals.

ThreatMark

ThreatMark

ThreatMark provides fraud detection solutions for digital banking and payments.

Intelligent Business Solutions Cyprus (IBSCY)

Intelligent Business Solutions Cyprus (IBSCY)

IBSCY Ltd is a leading provider of total IT solutions and services in Cyprus specializing in the areas of cloud services and applications, systems integration, IT infrastructure and security.

Blue Hexagon

Blue Hexagon

Blue Hexagon is a deep learning innovator focused on protecting organizations from cyberthreats.

Atakama

Atakama

With Atakama, data remains encrypted until the very moment it is used, and the ability to decrypt is based on zero trust architecture.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

WithSecure

WithSecure

WithSecure (formerly F-Secure Business) is your reliable cyber security partner, providing outcome-based cyber security that protects and enables operations.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

Espria

Espria

Espria is a leading independent managed service provider with expertise in Cloud, IT, Communications and Document Solutions.

Ethnos Cyber

Ethnos Cyber

Ethnos Cyber is Africa’s leading cybersecurity and compliance management company. We provide Information Security, Risk Management, Cybersecurity and Compliance Management solutions to clients.

QPoint Technologies

QPoint Technologies

QPoint provides solutions and consulting in areas including software engineering, testing, cybersecurity, ICT, web, mobile, project management, and complex integration processes.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.

Sirar by STC

Sirar by STC

Sirar is an advanced technology and cybersecurity company established by STC, the MENA region’s ICT and digital services provider.