Saturday, June 15, 2024

Researchers Uncovered the Hack of a Private Power Station in Israel

In the continuing Israel-Palestine conflict, there has been a noticeable rise in hacktivist groups who are planning an unending attack against a variety of targets on both sides of the conflict.

On October 8, the Cyber Av3ngers group revealed a significant hack on the Israeli Dorad private power station. The organization posted images of the allegedly hacked site and a logo that used the colors of the Palestinian flag and political sentiments, implying that the hack was in favor.

To support their claim that the Dorad website was the victim of a DoS attack, the hackers also provided proof of their DDoS success.

Kaspersky examined the information released by Cyber Av3ngers and discovered that it was derived from earlier disclosures by Moses Staff, a different hacktivist collective.

Who are the Cyber Av3ngers?

The threat actor “Cyber Avengers” is a group with a similar name that has been operating since at least 2020. There isn’t much proof that the Cyber Avengers are related to the Cyber Aveng3rs or the Cyber Av3ngers.

They primarily target Israeli organizations, particularly those maintaining the nation’s vital infrastructure. 

A new Telegram channel named @CyberAveng3rs was launched on September 15, 2023. The channel first posted statements connecting its owners to the previous actions taken by “Cyber Avengers.” Then, it added messages outlining its plans to attack Israeli key infrastructure, such as the water and electrical systems.

The most recent post on the channel discussed a security guideline the Israeli government had produced for infrastructure security and released. The Cyber Avengers team issued the instructions and the list of targets in mockery. Eight firms have been included on the list.

Dorad Private Power Plant Attack

The archive, which contained stolen information from several Israeli businesses, was originally released by Moses Staff in June 2022. 11 files that were part of the Dorad private power plant attack have timestamps from August 2020, but the timestamps on the compression are dated June 14, 2022. 

The data in the archive included PNG and JPEG images as well as PDF documents. Along with the data disclosure, the attackers also released a video.

Particularly, when researchers compare the originals from the Moses Staff archive with the pictures released by Cyber Av3ngers, it has been observed that Cyber Av3ngers captured pictures from the video and PDF files that the Moses Staff leaked. Also, Cyber Av3ngers cropped the images and added a logo image before posting. 

As a whole, it appears that Moses Staff’s hacking activities caused the data to be leaked. The files appear to have been removed from computers belonging to the targeted company using malware, and this threat actor carried out these actions using specialized tools like PyDCrypt, DCSrv, and StrifeWater.

Reports say there is typically no way to pay the ransom and decrypt the data because the Moses Staff organization is not interested in making money and instead aims to harm.

Final Words

“The Cyber Av3ngers alleged hack is recycled or repurposed from a prior security breach and is not the result of any new unauthorized access to data”, researchers said.

Therefore, this highlights The significance of robust cybersecurity measures to guard against new and ongoing threats to IT and OT systems.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.


Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles