Red Alert, Israel's rocket alert app, breached by hacktivists

Pro-Palestinian hacktivist group AnonGhost exploited a flaw in the Red Alert app and sent a fake threat of nuclear attack, researchers claim. More popular rocket alert apps, RedAlert by Elad Nava and Red Alert by Cumta, seem to be working fine.

AnonGhost supposedly exploited an application programming interface (API) vulnerability in the real-time rocket alert app, Red Alert by Kobi Snir, researchers at cybersecurity firm Group-IB claim.

“In their exploit, they successfully intercepted requests, exposed vulnerable servers and APIs, and employed Python scripts to send spam messages to some users of the app,” the researchers said on X.

The attackers shared information about the supposed attack on the group’s official Telegram channel. The screenshot included in the original post suggests that AnonGhost dispatched fake messages to the app’s users, saying that a “nuclear bomb is coming.”

“After exploiting an API vulnerability, threat actors were able to send spam messages within the app's chat. They have claimed that "all 10k to 20k users of this application" should have received these messages,” researchers said.

Post on AnonGhost's Telegram channel. Image by Cybernews.

We contacted the app’s developers for confirmation but did not immediately receive a reply. However, the app was later taken down from the Google Play Store.

After the first attack against the app, which was later removed from the Google Play store, AnonGhost said they attacked other rocket alert applications, such as RedAlert by Elad Nava, with over one million downloads on Google Play, and Red Alert by Cumta, with over 100,000 on Google Play.

However, according to Nava, as of October 11th, 08:30 AM GMT, the RedAlert app was functioning normally. Developers behind the Red Alert by Cumta app also said the app is working fine.

“The app is still up and running, we experienced no downtime at all,” the developers of Red Alert by Cumta said.

Cyberattacks against Israel

The moniker AnonGhost has been in use for quite some time. Several years ago, researchers at Binary Defense believed that the group had links with the notorious Islamic State (ISIS).

Other cyber warriors have actively joined the fight following the recent Hamas (eng. Islamic Resistance Movement) attacks in Israel. An attacker group called Ghosts of Palestine recently targeted several Israeli websites, while the Ganosec Team said it aims to take down the website of the Israeli Security Agency.

Mere hours after Hamas’ incursion, connecting to the Israeli government website was impossible. The pro-Russian group Killnet took full responsibility for the attack on Telegram.

Anonymous Sudan, another hacktivist group, widely suspected to be neither anonymous nor Sudanese – but Russian and tied with Killnet, has sided with Hamas and Killnet on Telegram.

Pro-Israeli hacktivists are also active. The official Hamas website was taken down – allegedly by a hacker group called India Cyber Force. Other pro-Israeli gangs include SilenOne, Garuna Ops, and Team UCC Ops.

Group-IB said that various threat actor groups have entered the conflict between Israel and Hamas. The different hacktivist groups taking sides are reminiscent of the first months after Russia invaded Ukraine.

Israel is reeling from a deadly attack by Hamas militants around Gaza early on Saturday morning who roamed at will, killing hundreds of civilians in Israeli towns and a music festival. With Israel now bombing Gaza, where Hamas is based, the attack toll reached 600 on Sunday night, with both sides taking heavy casualties.

Updated on October 10th [05:55 AM GMT] with a clarification about the app's ownership. The first version of the article incorrectly named RedAlert app, developed by Elad Nava, as the one described in the report by Group-IB.

Updated on October 11th [09:30 AM GMT] with statements from RedAlert by Elad Nava and Red Alert by Cumta.

More from Cybernews:

Israel’s government, media websites hit with cyberattacks

Israel's tech sector could face disruptions after attacks

Amazon launches first test satellites for Kuiper internet network

Feds new $7,500 electric vehicle rebate is like cash in your pocket

Why I won’t be upgrading to the latest Apple Watch

Subscribe to our newsletter


prefix 8 months ago
Why are you calling them hacktivists? They are not promoting a political agenda here, they are interfering with human safety systems. Sounds like cyber terrorism to me.
Avishay Traeger
prefix 8 months ago
This. I wanted to write this exact comment. The app is meant to protect innocent people from rocket attacks. What kind of activism is that?
Kevin Holden
prefix 7 months ago
I also agree, is activism not supposed to be civilized?
Leave a Reply

Your email address will not be published. Required fields are markedmarked