Researchers Uncovered the Hack of a Private Power Station in Israel

In the continuing Israel-Palestine conflict, there has been a noticeable rise in hacktivist groups who are planning an unending attack against a variety of targets on both sides of the conflict.

On October 8, the Cyber Av3ngers group revealed a significant hack on the Israeli Dorad private power station. The organization posted images of the allegedly hacked site and a logo that used the colors of the Palestinian flag and political sentiments, implying that the hack was in favor.

To support their claim that the Dorad website was the victim of a DoS attack, the hackers also provided proof of their DDoS success.

Kaspersky examined the information released by Cyber Av3ngers and discovered that it was derived from earlier disclosures by Moses Staff, a different hacktivist collective.

Who are the Cyber Av3ngers?

The threat actor “Cyber Avengers” is a group with a similar name that has been operating since at least 2020. There isn’t much proof that the Cyber Avengers are related to the Cyber Aveng3rs or the Cyber Av3ngers.

They primarily target Israeli organizations, particularly those maintaining the nation’s vital infrastructure. 

A new Telegram channel named @CyberAveng3rs was launched on September 15, 2023. The channel first posted statements connecting its owners to the previous actions taken by “Cyber Avengers.” Then, it added messages outlining its plans to attack Israeli key infrastructure, such as the water and electrical systems.

The most recent post on the channel discussed a security guideline the Israeli government had produced for infrastructure security and released. The Cyber Avengers team issued the instructions and the list of targets in mockery. Eight firms have been included on the list.

Dorad Private Power Plant Attack

The archive, which contained stolen information from several Israeli businesses, was originally released by Moses Staff in June 2022. 11 files that were part of the Dorad private power plant attack have timestamps from August 2020, but the timestamps on the compression are dated June 14, 2022. 

The data in the archive included PNG and JPEG images as well as PDF documents. Along with the data disclosure, the attackers also released a video.

Particularly, when researchers compare the originals from the Moses Staff archive with the pictures released by Cyber Av3ngers, it has been observed that Cyber Av3ngers captured pictures from the video and PDF files that the Moses Staff leaked. Also, Cyber Av3ngers cropped the images and added a logo image before posting. 

As a whole, it appears that Moses Staff’s hacking activities caused the data to be leaked. The files appear to have been removed from computers belonging to the targeted company using malware, and this threat actor carried out these actions using specialized tools like PyDCrypt, DCSrv, and StrifeWater.

Reports say there is typically no way to pay the ransom and decrypt the data because the Moses Staff organization is not interested in making money and instead aims to harm.

Final Words

“The Cyber Av3ngers alleged hack is recycled or repurposed from a prior security breach and is not the result of any new unauthorized access to data”, researchers said.

Therefore, this highlights The significance of robust cybersecurity measures to guard against new and ongoing threats to IT and OT systems.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.