Posted on 11/23/2023 7:44:36 AM PST by Salman
Related:
* * *
https://www.darkreading.com/dr-global/pro-iranian-hacktivists-sights-israeli-industrial-control-systems
Pro-Iranian Hacktivists Set Sights on Israeli Industrial Control Systems
The hacktivists known as SiegedSec identify ICS targets, but there’s no evidence of attacks yet.
Dan Raywood
Senior Editor, Dark Reading
October 18, 2023
The hacktivist group SiegedSec has claimed responsibility for a series of attacks against Israeli infrastructure and industrial control systems (ICS), but there is no indication that the listed IP addresses have experienced any attacks.
The hacking group put together a list of what it claims are its Israeli ICS targets, which was recently uncovered by SecurityScorecard’s Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team. An image of the list — found via analysis of various dark Web groups — shows a series of IP addresses with the claim “we have unleashed mass attacks on Israeli infrastructure.”. . .
Who Are SiegedSec?
The SiegedSec group appeared shortly after the Russian invasion of Ukraine in 2022, and has conducted a series of attacks around that conflict, including an alleged data theft on the NATO Communities of Interest Cooperation Portal in July, followed by a second attack on multiple NATO portals earlier this month.
The group was also reportedly behind the attack on Atlassian in February, where a third-party app was breached, compromising employee data and floor plans of Atlassian offices located in San Francisco and Sydney, Australia.
To avoid compromise from this or any other attacker, SecurityScorecard recommended that organizations review the business necessity of exposing ICS devices to the wider Internet and place them behind a VPN or firewall when possible. Also, organizations should consider restricting access to ICS devices by adding dependent IPs to an allow list.
The firm also recommended blocking the listed IPs in SecurityScorecard’s KillNet Bot Blocklist, putting in DDoS mitigations, and configuring DNS resolvers and proxy servers to only accept requests from internal IP addresses and authorized users.
A Week of Attack Claims
At the start of last week, the US National Security Agency’s director of cybersecurity Rob Joyce said US intelligence had not observed evidence indicating there had been any significant cyberattacks so far in the Israeli-Hamas conflict.
Yet a number of claims of attacks were made at the start of last week, with Anonymous Sudan naming the Israeli government in online discussions as a main target, and the AnonGhost hacktivist group said it had managed to breach the “RedAlert” airstrike warning app to send messages.
Also, information operations entered the discussion last week when pro-Iranian and pro-Chinese groups were detected as being involved in anti-Israel propaganda campaigns. . .
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.