Researchers Uncovered the Hack of a Private Power Station in Israel

In the continuing Israel-Palestine conflict, there has been a noticeable rise in hacktivist groups who are planning an unending attack against a variety of targets on both sides of the conflict.

On October 8, the Cyber Av3ngers group revealed a significant hack on the Israeli Dorad private power station. The organization posted images of the allegedly hacked site and a logo that used the colors of the Palestinian flag and political sentiments, implying that the hack was in favor.

To support their claim that the Dorad website was the victim of a DoS attack, the hackers also provided proof of their DDoS success.

Kaspersky examined the information released by Cyber Av3ngers and discovered that it was derived from earlier disclosures by Moses Staff, a different hacktivist collective.

Who are the Cyber Av3ngers?

The threat actor “Cyber Avengers” is a group with a similar name that has been operating since at least 2020. There isn’t much proof that the Cyber Avengers are related to the Cyber Aveng3rs or the Cyber Av3ngers.

They primarily target Israeli organizations, particularly those maintaining the nation’s vital infrastructure. 

A new Telegram channel named @CyberAveng3rs was launched on September 15, 2023. The channel first posted statements connecting its owners to the previous actions taken by “Cyber Avengers.” Then, it added messages outlining its plans to attack Israeli key infrastructure, such as the water and electrical systems.

The most recent post on the channel discussed a security guideline the Israeli government had produced for infrastructure security and released. The Cyber Avengers team issued the instructions and the list of targets in mockery. Eight firms have been included on the list.

Dorad Private Power Plant Attack

The archive, which contained stolen information from several Israeli businesses, was originally released by Moses Staff in June 2022. 11 files that were part of the Dorad private power plant attack have timestamps from August 2020, but the timestamps on the compression are dated June 14, 2022. 

The data in the archive included PNG and JPEG images as well as PDF documents. Along with the data disclosure, the attackers also released a video.

Particularly, when researchers compare the originals from the Moses Staff archive with the pictures released by Cyber Av3ngers, it has been observed that Cyber Av3ngers captured pictures from the video and PDF files that the Moses Staff leaked. Also, Cyber Av3ngers cropped the images and added a logo image before posting. 

As a whole, it appears that Moses Staff’s hacking activities caused the data to be leaked. The files appear to have been removed from computers belonging to the targeted company using malware, and this threat actor carried out these actions using specialized tools like PyDCrypt, DCSrv, and StrifeWater.

Reports say there is typically no way to pay the ransom and decrypt the data because the Moses Staff organization is not interested in making money and instead aims to harm.

Final Words

“The Cyber Av3ngers alleged hack is recycled or repurposed from a prior security breach and is not the result of any new unauthorized access to data”, researchers said.

Therefore, this highlights The significance of robust cybersecurity measures to guard against new and ongoing threats to IT and OT systems.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…

1 day ago

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…

3 days ago

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…

3 days ago

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…

4 days ago

Google Chrome Security, Critical Vulnerabilities Patched

Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…

4 days ago

Notorious WrnRAT Delivered Mimic As Gambling Games

WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…

4 days ago