In the ongoing conflict between Israel and Palestine, there has been a notable rise in hacktivist groups planning continuous attacks against a variety of targets on both sides of the conflict.
On October 8, the Cyber Av3ngers group announced a major attack on the private Israeli Dorad power plant. The group posted images of the supposedly hacked site along with a logo that used the colors of the Palestinian flag and political slogans, implying that the hack was carried out in support of the Palestinian side.
To support their claim that the Dorad website had been hit by a DDoS attack, the hackers also provided evidence of their DDoS success.
Kaspersky examined the information published by Cyber Av3ngers and found that it derived from data previously leaked by Moses Staff, another hacktivist collective.
Who are Cyber Av3ngers?
A threat actor with a similar name, “Cyber Avengers,” has been operating since at least 2020. There is not much evidence that the Cyber Avengers are related to the Cyber Aveng3rs or the Cyber Av3ngers.
They primarily target Israeli organizations, particularly those that maintain the nation’s vital infrastructure.
A new Telegram channel called @CyberAveng3rs was launched on September 15, 2023. The channel first published statements connecting its owners to previous actions taken by “Cyber Avengers.” It then added messages outlining plans to attack key Israeli infrastructure, such as water and electricity systems.
The most recent post on the channel discussed a security guideline that the Israeli government had developed and published for infrastructure security. The Cyber Avengers team posted the instructions together with a target list, in mockery. The list includes eight companies.
Attack on private Dorad power plant
The file, which contained information stolen from several Israeli companies, was originally published by Moses Staff in June 2022. Eleven files that were part of the attack on the private Dorad power plant have timestamps from August 2020, but the compression timestamps are dated June 14, 2022.
The file data included PNG and JPEG images as well as PDF documents. Along with the data disclosure, the attackers also released a video.
In particular, when researchers compared the originals from the Moses Staff archive with the images released by Cyber Av3ngers, they observed that Cyber Av3ngers had captured images from the video and PDF files leaked by Moses Staff. Cyber Av3ngers also cropped the images and added a logo before posting them.
Overall, it appears that Moses Staff’s hacking activities led to the data leak. The files appear to have been deleted from computers belonging to the targeted company using malware. This threat actor carried out these actions using specialized tools such as PyDCrypt, DCSrv, and StrifeWater.
Reports say that there is usually no way to pay the ransom and decrypt the data because the Moses Staff organization is not interested in making money and instead intends to do harm.
“The alleged Cyber Av3ngers hack is recycled or repurposed from a previous security breach and is not the result of any new unauthorized access to data,” the researchers said.
This therefore highlights the importance of robust cybersecurity measures to protect against new and ongoing threats to IT and OT systems.