Hacktivist Group GhostSec Attack Israel

A hacking group called GhostSec has claimed that they breached the network at Berghof, an Israeli company specialising in municipal industrial applications and operating technology, including filtration & separation which uses Programmable Logic Control devices (PLCs). 

In the message it published on social media, GhostSec attached a video demonstrating a successful log-in to the Berghof's PLC admin panel, together with an image of a screen showing its current operating status and a second image showing that at least one PLC had stopped.

Industrial cyber security firm OTORIO has analysed the incident and reports that the breach was made possible because the PLCs were accessible through the Internet and were secured by weak and guessable password and access credentials. OTORIO said the system dumps and screenshots were exported directly from the admin panel following unauthorised access to the controllers through their public IP addresses.

Details of the compromise first came to light after GhostSec shared a video on its Telegram channel demonstrating a successful login to the Berghof admin panel, in addition to dumping data from the hacked controllers.

The attacks against Israeli targets, dubbed "#OpIsrael," is said to have commenced on June 28, 2022, citing "continuous attacks from Israel towards Palestinians."  In the intervening period, GhostSec has carried out a number of attacks, including those aimed at internet-exposed interfaces belonging to telecoms firm Bezeq and a MATAM  electrical power meter. 

OTORIO:    GhostSec:     HackerNews:     Cyebresecuiity-Help:    Industrial Cyber

You Might Also Read: 

Hackers Fail To Contaminate Florida Water:

 

« US Defence Needs New Software at the Centre of its Operations
Check Point Launches Horizon Security »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

tunCERT

tunCERT

TunCERT is the National Computer Emergency Response Team of Tunisia.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Miratech

Miratech

Miratech is a global IT services and consulting organization offering a full range of IT infrastructure solutions and services including cyber security.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

Codeproof Technologies

Codeproof Technologies

The Codeproof enterprise mobility solution empowers your business to secure, deploy and manage mobile applications and data on smartphones, tablets, IoT devices and more.

SITA

SITA

SITA is a multinational information technology company providing IT and telecommunication services to the air transport industry including vulnerability assessments and managed security services.

PurpleSynapz

PurpleSynapz

PurpleSynapz provides hyper-realistic Cyber Security Training with a modern curriculum and Cyber Range.

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers (PwC)

PricewaterhouseCoopers is a multinational professional services network of firms headquartered in London, United Kingdom and operating in 157 countries.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Jit

Jit

Jit empowers developers to own security for the product they are building from day zero.

Q5id

Q5id

At Q5id, we prove that your customers' digital identity and real-world identity are the same, our verification and authentication solution delivers a Proven and Secure digital identity for everyone.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Silent Push

Silent Push

Silent Push maps all internet-facing infrastructure with searchable, advanced attributes, generating early indicators of potential threats that are tailored to your environment.

Exiger

Exiger

Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers.