Russian hacktivists now targeting Israeli global satellite and Industrial Control Systems

The Russian-linked hacktivist group Anonymous Sudan – who pledged solidarity with Hamas over the weekend – is now claiming multiple attacks on Israel’s Industrial Control Systems (ICS) in an attempt to disrupt critical infrastructure.

Israeli Global Navigational Satellite Systems (GNSS), Building Automation and Control Networks (BACNet), and Modbus Industrial Control Systems are the latest targets of the hacker group, according to a post on its Telegram channel Tuesday morning.

“❗️Israeli industrial control systems have been attacked by @xAnonymousSudan !” the post read.

Anonymous Sudan went on to explain how taking down each system could affect Israel’s infrastructure.

By targeting the nation’s GNSS, “Various GPS systems around the country will go offline; this could affect industrial systems, critical infrastructure, and other machines,” the hackers wrote.

With BACNet systems modified or shut down, energy surges, building evacuations, and computer shutdowns are also possible, it said.

Finally, the gang spoke of targeting Modbus Industrial Control Systems. Modbus is a SCADA communications protocol relied on by critical infrastructure systems such as those that provide a nation’s electricity, water, oil, and gas.

[Image: Anonymous Sudan IDS. Source: Anonymous Sudan, Telegram]

Exclusive research by Cybernews earlier this week revealed that hundreds of ICSs – belonging to both Israeli and Palestinian systems – are currently exposed on the web, making them vulnerable to hackers.

SCADA, a type of supervisory control and data acquisition software, is used by industrial systems to monitor and control, both locally and remotely, mechanical equipment and its conditions within its working environment – ensuring that the systems work effectively and safely.

SCADA was once contained and isolated from the World Wide Web. However, over the past decade, it's become networked and vulnerable to attackers due to the need for real-time communications and monitoring of industrial systems and their processes.

The head of Cybernews security research Mantas Sasnauskas says that many hacktivists go after various ICSs in an attempt to disrupt critical infrastructure and draw international attention, as appears to be the case for Anonymous Sudan.

The Russian sympathizers – suspected to be neither anonymous nor Sudanese – are known for targeting their victims with timed DDoS (distributed denial-of-service) attacks.

Accompanying the latest claim, Anonymous Sudan posted a page filled with IP addresses apparently being targeted, which Cybernews can confirm are mostly Israeli addresses being hosted on networks within the Jewish nation.

[Image: Anonymous Sudan IDS IP addresses. Source: Anonymous Sudan, Telegram]

Another image depicting a list of BACNet servers being targeted was also included with its post, although Cybernews cannot confirm if those IP addresses are associated with Israeli organizations.

[Image: Anonymous Sudan ID BACNet IP. Source: Anonymous Sudan, Telegram]

Additionally, fellow hacktivist gang SiegedSec was tagged in the Anonymous Sudan post, although SiegedSec posted on its own Telegram channel – also Tuesday – about going after Industrial Control Systems located in the US, not Israel.

Anonymous Sudan, which is also known for going after softer targets, claimed responsibility for taking down Israel’s major news outlet, The Jerusalem Post, on Sunday.

On Saturday, Anonymous Sudan claimed to have targeted Israel’s Iron Dome, the country’s mobile all-weather air defense system, and also said it had attacked the Alert applications in Israel.

Russian hacktivist groups such as Anonymous Sudan have been relentlessly targeting Western and NATO nations, including Israel, as retaliation for supporting Ukraine since the Russian invasion last spring.

Other gangs with dubious ties to the Kremlin that have gone after Israel in support of Hamas include Storm-1133, Killnet, AnonGhost, and Cyber Army of Russia.

On Saturday morning, Hamas militants broke through Israel’s borders on the Gaza Strip, roaming at will and killing a reported 800 Israeli civilians as of Tuesday. Nearly 100 more victims were reported kidnapped in the attack. Fighting has escalated, with Israel bombing Hamas targets, resulting in heavy casualties on both sides.
