A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a “Free Palestine” campaign.
Industrial cybersecurity firm OTORIO, which dug deeper into the incident, said the breach was made possible owing to the fact that the PLCs were accessible through the Internet and were secured by trivially guessable credentials.
Details of the compromise first came to light on September 4 after GhostSec shared a video on its Telegram channel demonstrating a successful login to the PLC’s admin panel, in addition to dumping data from the hacked controllers.
The Israeli company said the system dumps and screenshots were exported directly from the admin panel following unauthorized access to the controllers through their public IP addresses.
GhostSec (aka Ghost Security), first identified in 2015, is a self-proclaimed vigilante group that was initially formed to target ISIS websites that preach Islamic extremism.
Earlier this February, the group rallied its support for Ukraine in the immediate aftermath of Russia’s military invasion of the country. Since late June, it has also participated in a campaign targeting Israeli organizations and enterprises.
The attacks against Israeli targets, dubbed “#OpIsrael,” is said to have commenced on June 28, 2022, citing “continuous attacks from Israel towards Palestinians.”
In the intervening period, GhostSec has carried out a number of attacks, including those aimed at internet-exposed interfaces belonging to Bezeq International and an ELNet power meter located at the Scientific Industries Center (Matam).