GhostSec Compromises 55 Berghof PLCs Across Israel

GhostSec, a hacktivist collective, has claimed credit for compromising up to 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a “Free Palestine” campaign.

According to OTORIO, an industrial cybersecurity firm that further investigated the incident, the breach was made possible because the PLCs were accessible via the Internet and were secured by easily guessable credentials.

The system dumps and screenshots were exported directly from the admin panel after unauthorized access to the controllers via their public IP addresses. According to the Israeli firm.

GhostSec (also known as Ghost Security) is a self-proclaimed vigilante group that was formed in 2015 to target ISIS websites that preach Islamic extremism.

Earlier this month, in the immediate aftermath of Russia’s military invasion of Ukraine, the group rallied its support for the country. It has also taken part in a campaign aimed at Israeli organizations and businesses since late June.

“The group shifted their focus from their regular operations and began to target multiple Israeli companies, presumably gaining access to various IoT interfaces and ICS/SCADA systems, which resulted in potential disruptions,” Cyberint reported on July 14.

The “#OpIsrael” attacks on Israeli targets are said to have begun on June 28, 2022, citing “continuous attacks from Israel against Palestinians.”

In the interim, GhostSec has carried out a number of attacks, including those against Bezeq International’s internet-exposed interfaces and an ELNet power meter at the Scientific Industries Center (Matam).

In that sense, the breach of Berghof PLCs is part of the actor’s broader shift to target the SCADA/ICS domain, though it appears to be a case where the group used “easily overlooked misconfigurations of industrial systems” to carry out the attacks.

“Despite the incident’s low impact, this is an excellent example of how a cyber attack could have been easily avoided by simple, proper configuration,” the researchers wrote.

“By disabling public Internet exposure of assets and maintaining a good password policy, particularly changing the default login credentials, the hacktivists’ breach attempt would fail.”

Meanwhile, GhostSec has continued to post screenshots, claiming to have gained access to another control panel that can be used to change the levels of chlorine and pH in the water.

“I hope you all understand our decision not to attack their pH levels and risk harming the innocents of #Israel,” the group said in a tweet over the weekend. “Our war’ has always been FOR the people, not against them.”

19 thoughts on “GhostSec Compromises 55 Berghof PLCs Across Israel”

  1. Having read this I thought it was very informative. I appreciate you taking the time and effort to put this article together. I once again find myself spending way to much time both reading and commenting. But so what, it was still worth it!

  2. I was curious if you ever thought of changing the layout of your site? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having one or two pictures. Maybe you could space it out better?

  3. excellent post, very informative. I ponder why the other specialists of this sector do not understand this. You must proceed your writing. I’m sure, you’ve a huge readers’ base already!

  4. Nice weblog right here! Additionally your site quite a bit up fast! What web host are you using? Can I get your associate link on your host? I want my site loaded up as fast as yours lol

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top