Several threat actors, including well-known groups, have joined the escalating Israel-Hamas conflict. These groups have targeted various organizations and infrastructure in Israel and Gaza with DDoS attacks, and the latest attacks are aimed at SCADA systems and ICS.
Diving into details
- Several Israeli organizations have left Modbus, a SCADA communications protocol, exposed. In fact, investigators identified 400 such instances.
- The researchers also found that nearly 150 Message Queuing Telemetry Transport (MQTT) ports are still open. MQTT facilitates communication between MES (manufacturing execution system) and SCADA.
- As for Palestine, its entities are similarly leaving Modbus and MQTT exposed, in addition to Siemens automation and Symantec systems.
Other attacks surrounding the conflict
- A hacking group called Predatory Sparrow, believed to have links to the Israeli government, reemerged to support the government.
- Anonymous Sudan, which has affiliations with Sudan, targeted emergency warning systems in Israel and also attacked The Jerusalem Post, a prominent newspaper in Israel.
- The pro-Hamas group, Cyber Av3ngers, launched cyberattacks against the Israel Independent System Operator (Noga), the Israel Electric Corporation, and a power plant in Israel.
- A notorious pro-Russian group named Killnet attacked several Israeli government websites.
- On the pro-Israel front, ThreatSec claimed to have compromised the infrastructure of the Gaza-based ISP, AlfaNet.
The bottom line
The escalation of the Israel-Hamas conflict has been mirrored in the digital realm, with various hacker groups intensifying cyberattacks on both sides. These assaults, which target critical infrastructure and media outlets, underscore the increasing role of cyber operations in contemporary conflicts. To mitigate these threats, entities should bolster their security measures, focusing on patching exposed SCADA systems and ensuring stringent access controls for critical communication protocols.