The Claims and Assessments of SiegedSec’s Attacks on Israeli Infrastructure
SiegedSec’s Alleged Attacks
The hacktivist group SiegedSec has claimed responsibility for a series of attacks on Israeli infrastructure and industrial control systems (ICS). It published a list of what it says are its targets, which includes global navigation satellite system (GNSS) receivers, building automation and control networks, and devices exposing Modbus, a communication protocol widely used by industrial electronic equipment. The group also said it was collaborating with the pro-Iranian hacktivist group Anonymous Sudan.
SiegedSec’s claims were surfaced by SecurityScorecard’s Threat Research, Intelligence, Knowledge, and Engagement (STRIKE) Team. Importantly, there is no indication that the listed IP addresses actually experienced any attack: a sample of NetFlow data analyzed by SecurityScorecard shows no significant increase in traffic volume consistent with a denial-of-service (DoS) attack. A claim of responsibility is not evidence of impact, and traffic volume to the named hosts is the first thing to check.
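The kind of check SecurityScorecard describes, reduced to code, as an added example that is not SecurityScorecard’s own tooling: bucket flow records per destination into fixed windows and compare each window against a robust baseline (median plus k times the median absolute deviation, so that a flood does not inflate its own baseline). The flow records are constructed, and the tuple layout (timestamp, destination IP, destination port, packets, bytes) is an assumption loosely modelled on NetFlow v5 fields.

```python
"""Check a NetFlow-style sample for a DoS-scale traffic spike against one target.

Added example, not SecurityScorecard's code. The flow records below are
constructed; the tuple layout (timestamp, dst_ip, dst_port, packets, bytes)
is an assumption loosely modelled on NetFlow v5 fields.
"""
from collections import defaultdict
from statistics import median

# Constructed baseline: ten one-minute windows of ordinary Modbus/TCP traffic
# to a documentation-range target, split across two flows per window.
_BASELINE_PACKETS = [100, 110, 95, 120, 105, 115, 98, 108, 112, 102]
FLOWS = []
for _i, _pkts in enumerate(_BASELINE_PACKETS):
    FLOWS.append((_i * 60 + 5, "203.0.113.10", 502, _pkts // 2, _pkts * 40))
    FLOWS.append((_i * 60 + 30, "203.0.113.10", 502, _pkts - _pkts // 2, _pkts * 40))
# Constructed flood: 48,000 packets in the window starting at t=600.
FLOWS.append((615, "203.0.113.10", 502, 48_000, 48_000 * 60))
# A second constructed target with flat traffic and no flood.
for _i, _pkts in enumerate([50, 55, 52, 58, 60, 54]):
    FLOWS.append((_i * 60 + 10, "198.51.100.5", 502, _pkts, _pkts * 40))


def packets_per_window(flows, dst_ip, window_s=60):
    """Sum packets sent to dst_ip per fixed time window, keyed by window start."""
    buckets = defaultdict(int)
    for ts, dst, _port, pkts, _nbytes in flows:
        if dst == dst_ip:
            buckets[(ts // window_s) * window_s] += pkts
    return dict(sorted(buckets.items()))


def mad_threshold(values, k=5.0):
    """Robust cut-off: median + k * median absolute deviation (MAD).

    Mean/std would be dragged upward by the flood window itself; MAD is not.
    """
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # floor a zero MAD
    return med + k * mad


def assess(flows, dst_ip, window_s=60, k=5.0):
    """Return the windows whose packet count exceeds the robust threshold.

    An empty 'spikes' dict means the sample shows no volume consistent with a flood.
    """
    series = packets_per_window(flows, dst_ip, window_s)
    if not series:
        return {"threshold": None, "median": None, "spikes": {}}
    threshold = mad_threshold(list(series.values()), k)
    spikes = {ts: n for ts, n in series.items() if n > threshold}
    return {"threshold": threshold, "median": median(series.values()), "spikes": spikes}


if __name__ == "__main__":
    for target in ("203.0.113.10", "198.51.100.5"):
        result = assess(FLOWS, target)
        verdict = "flood-scale spike" if result["spikes"] else "no spike in sample"
        print(f"{target}: {verdict} (median={result['median']}, "
              f"threshold={result['threshold']}, spikes={result['spikes']})")
```

The window size and k are tunable; with real NetFlow exports you would also look at packets per second per source and the share of traffic from sources never seen before, but the absence of any window above the robust threshold is exactly the negative finding the STRIKE team reports.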
Possible Reasons for the Claimed Attacks
While it is unclear whether SiegedSec’s attacks succeeded or were even attempted, publishing the list may serve another purpose. Robert Ames, a staff threat researcher at SecurityScorecard, suggests that the document may be a “call to action” for other attackers who could go after the identified targets. Hacktivist groups such as Anonymous Sudan and KillNet have previously used Telegram channels to name specific targets in the hope of rallying their followers.
Ames also notes that both SiegedSec and Anonymous Sudan appear to be driven primarily by publicity rather than possessing the capabilities of nation-state-backed advanced persistent threat (APT) groups.
SiegedSec’s Background and Previous Activities
SiegedSec emerged around the time of the Russian invasion of Ukraine in 2022 and has been involved in a series of conflict-related attacks, including an alleged data theft from the NATO Communities of Interest Cooperation Portal and multiple attacks on other NATO portals. The group was also reportedly behind the breach of a third-party app used by Atlassian, which exposed employee data and floor plans of Atlassian’s offices in San Francisco and Sydney.
Protecting Against Attacks
Recommendations from SecurityScorecard
To safeguard against attackers like SiegedSec, or any other threat to exposed systems, SecurityScorecard recommends the following measures:
1. Review whether industrial control system (ICS) devices need to be reachable from the wider internet at all. Where they do not, place them behind a VPN or firewall so that only the control network can reach them.
2. Where remote access is genuinely required, restrict it to an allow list of the specific IP addresses that depend on the ICS devices, and deny everything else.
3. Use SecurityScorecard’s KillNet Bot Blocklist to block the IP addresses associated with the alleged attacks.
4. Put distributed denial of service (DDoS) mitigations in place so that attack traffic can be absorbed or filtered before it reaches the ICS network.
5. Configure DNS resolvers and proxy servers to accept requests only from internal IP addresses and authorized users. An open resolver or open proxy not only exposes the organization itself but can be abused as a reflection or amplification source in DDoS attacks against others.
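Recommendations 1, 2 and 5 boil down to one policy: ICS ports reachable only from an allow list, and resolver and proxy ports reachable only from internal space. The following added example (not SecurityScorecard’s code) audits a connection log against such a policy and emits the matching nftables rules. The networks, ports and log lines are constructed; the key=value log format, the engineering VLAN and vendor VPN ranges, and the proxy port 3128 are assumptions rather than anything the report specifies. 502/tcp is Modbus/TCP and 47808/udp is BACnet/IP, the protocols behind the Modbus and building-automation targets named above.

```python
"""Audit connection logs against an ICS exposure policy and emit nftables rules.

Added example, not SecurityScorecard's code. Networks, ports and log lines are
constructed; the log format, the allow-listed ranges and the proxy port 3128
are assumptions.
"""
import ipaddress
import re

# Policy (assumed values). Port -> (protocol, service name).
ICS_PORTS = {502: ("tcp", "Modbus/TCP"), 47808: ("udp", "BACnet/IP")}
# Only these sources may reach ICS ports: an engineering VLAN and a vendor VPN egress (assumed).
ICS_ALLOW = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "198.51.100.7/32")]
# Services that must answer internal clients only (recommendation 5). 3128 is an assumption.
INTERNAL_ONLY = {53: ("udp", "DNS resolver"), 3128: ("tcp", "forward proxy")}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log sample (documentation-range addresses for the external sources).
LOG = """\
2023-10-25T10:00:01Z src=10.20.0.15 dst=10.20.5.10 dport=502 proto=tcp
2023-10-25T10:00:02Z src=203.0.113.77 dst=10.20.5.10 dport=502 proto=tcp
2023-10-25T10:00:03Z src=198.51.100.7 dst=10.20.5.11 dport=47808 proto=udp
2023-10-25T10:00:04Z src=192.0.2.9 dst=10.1.1.53 dport=53 proto=udp
2023-10-25T10:00:05Z src=192.168.4.20 dst=10.1.1.53 dport=53 proto=udp
2023-10-25T10:00:06Z src=192.0.2.9 dst=10.1.1.80 dport=3128 proto=tcp
2023-10-25T10:00:07Z src=203.0.113.5 dst=10.1.1.25 dport=443 proto=tcp
"""

_LINE = re.compile(r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) proto=(?P<proto>\S+)")


def _in_any(ip, nets):
    return any(ip in net for net in nets)


def audit(log_text):
    """Return (src, dport, service, reason) for every connection the policy forbids."""
    findings = []
    for line in log_text.splitlines():
        m = _LINE.search(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole audit
        src = ipaddress.ip_address(m["src"])
        dport = int(m["dport"])
        if dport in ICS_PORTS and not _in_any(src, ICS_ALLOW):
            findings.append((str(src), dport, ICS_PORTS[dport][1], "source not on ICS allow list"))
        elif dport in INTERNAL_ONLY and not _in_any(src, INTERNAL_NETS):
            findings.append((str(src), dport, INTERNAL_ONLY[dport][1],
                             "external client to internal-only service"))
    return findings


def nft_rules(table="inet filter", chain="input"):
    """nftables rules enforcing the same policy: accept listed sources, drop the rest.

    Rules are emitted in order, so each accept precedes its catch-all drop.
    """
    allow_set = ", ".join(str(n) for n in ICS_ALLOW)
    internal_set = ", ".join(str(n) for n in INTERNAL_NETS)
    rules = []
    for port, (proto, _name) in ICS_PORTS.items():
        rules.append(f"add rule {table} {chain} ip saddr {{ {allow_set} }} {proto} dport {port} accept")
        rules.append(f"add rule {table} {chain} {proto} dport {port} drop")
    for port, (proto, _name) in INTERNAL_ONLY.items():
        rules.append(f"add rule {table} {chain} ip saddr {{ {internal_set} }} {proto} dport {port} accept")
        rules.append(f"add rule {table} {chain} {proto} dport {port} drop")
    return rules


if __name__ == "__main__":
    for src, dport, service, reason in audit(LOG):
        print(f"VIOLATION {src} -> {dport} ({service}): {reason}")
    print("\n".join(nft_rules()))
```

The audit and the rule generator read the same policy tables, so a host that the audit flags is one the generated rules would have dropped; running the audit against historical logs before deploying the rules shows which legitimate dependencies (recommendation 2) would be cut off and need adding to the allow list. The example handles only IPv4 and only UDP for DNS; a production policy would add the TCP/53 and IPv6 counterparts.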
The Current Status of Cyberattacks in the Israeli-Hamas Conflict
Claims of Attacks and Disinformation
At the start of last week, Rob Joyce, the US National Security Agency’s director of cybersecurity, said that US intelligence had not observed any significant cyberattacks in the Israel-Hamas conflict. Claims of attacks were nonetheless made: Anonymous Sudan named the Israeli government as a primary target, and the AnonGhost hacktivist group claimed to have breached the “RedAlert” airstrike warning app in order to send messages through it.
On the information operations side, pro-Iranian and pro-Chinese groups were reported to be running anti-Israel propaganda campaigns, a reminder that disinformation is used to manipulate public opinion and inflame conflicts.
Conclusion
SiegedSec’s claimed attacks on Israeli infrastructure and industrial control systems remain unproven, with no evidence that they took place. While the group’s motives cannot be known for certain, its actions look designed to rally other attackers and gain publicity rather than to achieve tangible results.
Organizations should act on SecurityScorecard’s recommendations above to reduce their exposure. In an era of information warfare it is also essential to evaluate claims of cyberattacks in conflict zones critically, so that false narratives do not spread and a clear picture of the situation is maintained.