Industry News

Russian Hacktivists Now Targeting Israeli Global Satellite and Industrial Control Systems

15 October 2023

Israeli Global Navigational Satellite Systems (GNSS), Building Automation and Control Networks (BACNet), and Modbus Industrial Control Systems are the latest targets of the hacker group, according to a post on its Telegram channel Tuesday morning.

“❗️Israeli industrial control systems have been attacked by @xAnonymousSudan !” the post read.

Anonymous Sudan went on to explain how taking down each system could affect Israel’s infrastructure.

By targeting the nation’s GNSS, “Various GPS systems around the country will go offline; this could affect industrial systems, critical infrastructure, and other machines,” the hackers wrote.

With BACNet systems modified or shut down, energy surges, building evacuations, and computer shutdowns are also possible, it said.

Finally, the gang spoke of targeting Modbus Industrial Control Systems, a type of SCADA communications protocol relied on by critical infrastructure systems such as those that provide a nation’s electricity, water, oil, and gas.

Exclusive research by Cybernews earlier this week revealed that hundreds of ICSs – belonging to both Israeli and Palestinian systems – are currently exposed on the web, making them vulnerable to hackers.

SCADA, a type of supervisory control and data acquisition software, is used by industrial systems to monitor and control, both locally and remotely, mechanical equipment and its conditions within its working environment – ensuring that the systems work effectively and safely.

SCADA was once contained and isolated from the World Wide Web. However, over the past decade, it's become networked and vulnerable to attackers due to the need for real-time communications and monitoring of industrial systems and their processes.

The head of Cybernews security research Mantas Sasnauskas says that many hacktivists go after various ICSs in an attempt to disrupt critical infrastructure and draw international attention, as appears to be the case for Anonymous Sudan.

The Russian sympathizers, suspected to be neither anonymous nor Sudanese – are known for targeting their victims with timed DDoS (distributed denial-of-service) attacks.

Accompanying the latest claim, Anonymous Sudan posted a page filled with IP addresses apparently being targeted, which Cybernews can confirm are mostly Israeli addresses being hosted on networks within the Jewish nation.

Another image depicting a list of BACNet servers being targeted was also included with its post, although Cybernews cannot confirm if those IP addresses are associated with Israeli organizations.

Additionally, fellow hacktivist gang SiegedSec was tagged in the Anonymous Sudan post, although SiegedSec posted on its own Telegram channel – also Tuesday – about going after Industrial Control Systems located in the US, not Israel.

Anonymous Sudan, which is also known for going after softer targets, claimed responsibility for taking down Israel’s major news outlet, The Jerusalem Post, on Sunday.

On Saturday, Anonymous Sudan claimed to have targeted Israel’s Iron Dome, the country’s mobile all-weather air defense system, and also said it had attacked the Alert applications in Israel.

Russian hacktivist groups such as Anonymous Sudan have been relentlessly targeting Western and NATO nations, including Israel, as retaliation for supporting Ukraine since the Russian invasion last spring.

Others gangs with dubious ties to the Kremlin that have gone after Israel in support of Hamas include Storm-1133, Killnet, AnonGhost, and Cyber Army of Russia.

On Saturday morning, Hamas militants broke through Israel’s borders on the Gaza Strip, roaming at will and killing a reported 800 Israeli civilians as of Tuesday. Nearly 100 more victims were reported kidnapped in the attack. Fighting has escalated, with Israel bombing Hamas targets, resulting in heavy casualties on both sides.