Hacktivists in Palestine and Israel after SCADA and other industrial control systems

Both pro-Israeli and pro-Palestinian hacktivists have joined the fight in the cyber realm. Industrial control systems (ICS) seem to be one of the most lucrative targets for them, and there are hundreds exposed.

After Hamas gunmen killed hundreds of Israelis and took an unknown number of people hostage, Israel has now retaliated with airstrikes on Gaza.

Some people took to social media to, for example, show support for Israel by adding the country’s flag to their profile pictures. Thousands marched on the streets to express support for the Palestinian side.

Others turned to cyber weapons to voice their opinion and sow chaos. Hacktivists are already launching attacks on various systems amid a grave escalation of the Israeli-Palestinian conflict.

We’ve already reported on a multitude of attacks, mostly distributed denial of service (DDoS), against Israel. Hacktivists have targeted the Israeli government and media, among other organizations.

Some threat actors, such as ThreatSec, haven't claimed any allegiance and are boasting about attacking both sides alike.

“As you might know, we don't like Israel, but… We also don't like War! Soooo, as we have attacked Israel in the past, we now attack the Gaza region, where many of the Hamas fighters are located!” the gang wrote on Telegram, claiming that it had shut down nearly every server owned by Alfanet.ps – including Quintiez Alfa General Trading, which is one of the biggest ISPs (internet service providers) in the Gaza Strip.

ThreatSec is part of the “Five Families” – notorious and highly organized gangs (the others are GhostSec, Stormous, Blackforums, and SiegedSec) that collaborate on launching big cyberattacks.


Mantas Sasnauskas, head of the Cybernews research team, highlighted that many hacktivists go after various ICSs in an attempt to disrupt critical infrastructure and draw international attention.

Since a cyberattack on critical infrastructure can have serious repercussions, including operational disruptions, safety hazards, economic costs, and reputational damage, cybersecurity should be a top priority in the organizations that administer them.

Unfortunately, that’s not always the case. An analysis by the Cybernews research team reveals that many ICSs are exposed, and threat actors can easily take advantage of sloppy security practices.

An ICS is a computerized system used to monitor and manage machinery and processes in industries, ensuring that they work effectively and safely. SCADA, which stands for supervisory control and data acquisition, is a type of ICS capable of gathering data and applying operational controls over long distances.

As per Cybernews’ findings, some Israeli organizations are exposing their Modbus, a SCADA communications protocol. In fact, researchers found 400 such occurrences. Researchers also discovered that nearly 150 Message Queuing Telemetry Transport (MQTT) ports remain open – this system is responsible for communication between MES (manufacturing execution system) and SCADA.

ICS exposed systems

When it comes to Palestine, its organizations are also exposing Modbus and MQTT, as well as Siemens automation and Symantec systems.

“The paramount importance of protecting critical infrastructure from potential threats posed by various actors cannot be overstated. These systems, if left vulnerable, could become the target of nefarious individuals or groups seeking to cause widespread disruption or harm. The consequences of such a breach could be catastrophic, with the potential for significant disruption to power grids, interference with chemical processes, or even the endangerment of public safety through the sabotage of transportation systems.

In our increasingly interconnected world, the stability and security of these industrial control systems are of the utmost importance. Therefore, prioritizing their protection is not merely an option, but an absolute necessity. Especially taking the current threat landscape into consideration,” Sasnauskas said.

There’s also plenty of collateral damage involved, with threat actors also going after governments that have expressed their support for Israel.

More from Cybernews:

Israel’s government, media websites hit with cyberattacks

Experiment: anti-Pegasus box to keep spies away from my home

Israel's tech sector could face disruptions after attacks

Amazon launches first test satellites for Kuiper internet network

Feds new $7,500 electric vehicle rebate is like cash in your pocket

Subscribe to our newsletter

Leave a Reply

Your email address will not be published. Required fields are markedmarked