Tuesday, June 25, 2024

Hacktivist Groups Attacking Industrial Control Systems To Disrupt Services

Hacktivist groups are increasingly targeting critical infrastructure’s Operational Technology (OT) systems, motivated by geopolitical issues that, unlike traditional website defacements, can disrupt essential services and endanger public safety.  

The success of high-profile attacks on Industrial control systems (ICS) by groups with minimal technical expertise highlights a worrying evolution in hacktivism, which necessitates reevaluating hacktivist tactics and their growing role in the cyber threat landscape. 

They are increasingly targeting OT systems, critical infrastructure that controls physical processes, and their goal is to disrupt operations and gain media attention for their cause.

These groups may be state-backed and can launch denial-of-service attacks or exploit vulnerabilities. 

While some boast more than they achieve, successful OT attacks pose serious threats like water utility disruption, while social media amplifies the impact of these incidents, creating a cycle that encourages further attacks.

With ANYRUN You can Analyze any URL, Files & Email for Malicious Activity : Start your Analysis

CyberAv3ngers, an anti-Israel hacktivist group, targeted industrial control systems manufactured by Unitronics as they compromised programmable logic controllers (PLCs) using brute-force attacks and exploited default credentials, which resulted in manipulation of human-machine interfaces (HMI) in critical infrastructure like water treatment facilities. 

The attacks disrupted operations in multiple locations globally, including the Municipal Water Authority of Aliquippa and the Drum/Binghamstown Water Scheme, highlighting the ability of hacktivists to leverage basic techniques for significant impact and potentially inspiring future large-scale attacks.  

CyberArmyofRussia_Reborn, a pro-Russian hacktivist group likely affiliated with APT28 and Sandworm, has been targeting critical infrastructure since 2023.

In January 2024, they compromised water treatment plants in Texas by exploiting vulnerabilities in VNC technology to manipulate water tank controls. 

Subsequent attacks on US, Polish, and French OT environments suggest broader disruption efforts, as this hacktivist group demonstrates a concerning evolution, employing sophisticated tactics against critical infrastructure for potential political gains. 

Pro-Ukraine hacktivist group Blackjack launched a cyberattack on Moskollektor, a Russian infrastructure management organization. Using custom Fuxnet malware to target Moskollektor’s OT monitoring network, Blackjack potentially countered the ongoing geopolitical conflict.

According to Dragos, Fuxnet specifically exploited vulnerabilities in Moskollektor’s system and likely requires modification for broader attacks. 

Blackjack claimed to have disrupted sensors, infiltrated emergency services, and compromised access credentials, though the extent of the damage is uncertain, which highlights the increasing sophistication of hacktivist operations and the influence of media coverage in amplifying their impact. 

Hacktivist groups are showing increasing sophistication in their attacks on Operational Technology (OT) systems, as early groups like CyberAv3ngers exploited weaknesses in OT systems to cause disruptions, and later groups, possibly inspired by these tactics, used similar methods with more sophistication and potentially state backing to launch broader attacks. 

Now, groups like Blackjack are developing and deploying custom malware, potentially targeting physical systems, which suggests that hacktivists are more capable of causing real-world damage through cyber attacks.

Looking for Full Data Breach Protection? Try Cynet's All-in-One Cybersecurity Platform for MSPs: Try Free Demo 


Latest articles

Hackers Attacking Windows IIS Server to Upload Web Shells

Windows IIS Servers often host critical web applications and services that provide a gateway...

WikiLeaks Founder Julian Assange Released in Stunning Deal with U.S.

WikiLeaks founder Julian Assange has been released from prison after reaching a deal with...

Four Members of FIN9 Hackers Charged for Attacking U.S. Companies

Four Vietnamese nationals have been charged for their involvement in a series of computer...

BREAKING: NHS England’s Synnovis Hit by Massive Cyber Attack

In a shocking development, the NHS has revealed that it was the victim of...

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles