• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Wing FTP Server flaw actively exploited shortly after technical details were made public

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

 | 

Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

McDonald’s job app exposes data of 64 Million applicants

 | 

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Hacking
  • Hacktivism
  • ICS-SCADA
  • Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel

Pro-Palestinian group GhostSec hacked Berghof PLCs in Israel

Pierluigi Paganini September 13, 2022

The hacktivist collective GhostSec claimed to have compromised 55 Berghof PLCs used by Israeli organizations.

Pro-Palestinian Hacking Group GhostSec claimed to have compromised 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a Free Palestine campaign.

On September, 4th, 2022, GhostSec announced on social media and its Telegram channel that it has compromised 55 Berghof PLCs used by organizations in Israel.

hope you all can understand our decision on not attacking their PH levels and risking a chance to harm the innocents of #Israel

Our "war" has always been FOR the people not against them. #FreePalestine

Details:https://t.co/7hczY9Owh1 pic.twitter.com/wGa7YXCbfV

— GhostSec (@ghost_s3curity) September 11, 2022

GhostSec also published a video demonstrating a successful log-in to the PLC’s admin panel along with screenshots of an HMI screen showing some phases of the attack, including the block of the PLC.

berghof PLCs Israel

“In the message it published, GhostSec attached a video demonstrating a successful log-in to the PLC’s admin panel, together with an image of an HMI screen showing its current state and control of the PLC process, and another image showing that the PLC had been stopped. In the following message (inset) the group published the dumped data from the breached PLCs.” reported the analysis published by Industrial cybersecurity firm OTORIO.

The analysis of the system dumps published by the collective (part_1.zip and part_2.zip) revealed the public IP addresses of the affected PLCs, OTORIO experts speculate that they were exposed online at the time of the attack.

The leaked archives contained system dumps and HMI screenshots, obtained from the Berghof admin panel of the compromised PLCs.

The experts believe that the threat actors gained access to the admin panel of the PLCs by using default and common credentials.

The experts pointed out that although access to the admin panel provides full control over some of the PLC’s functionality, it does allow operators to directly control the industrial process.

“It is possible to affect the process to some extent, but the actual process configuration itself isn’t available solely from the admin panel.” continues the experts.

The researchers explained that even if the attack was not sophisticated, the compromise of an OT infrastructure can be extremely dangerous. They added that GhostSec likely hasn’t capabilities to conduct cyber attacks in the OT domain.

“Unlike cyber attacks on IT infrastructure, OT security breaches can be extremely dangerous since they can affect physical processes and, in some cases, even lead to life-threatening situations.” concludes the report. “While GhostSec’s claims are of a sophisticated cyber attack, the incident reviewed here is simply an unfortunate case where easily overlooked misconfigurations of industrial systems led to an extremely unsophisticated attempt to breach the systems themselves. The fact that the HMI probably wasn’t accessed, nor manipulated by GhostSec, and the hackers were not exploiting the Modbus interface, shows an unfamiliarity with the OT domain. To the best of our knowledge, GhostSec hadn’t brought critical damage to the affected systems, but only sought to draw attention to the hacktivist group and its activities.“

GhostSec also published other screenshots, claiming to have gained access to another control panel that can be used to modify the level of chlorine and pH levels in the water.

hope you all can understand our decision on not attacking their PH levels and risking a chance to harm the innocents of #Israel

Our "war" has always been FOR the people not against them. #FreePalestine

Details:https://t.co/7hczY9Owh1 pic.twitter.com/wGa7YXCbfV

— GhostSec (@ghost_s3curity) September 11, 2022

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, PLCs)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Hacking hacking news hacktivists ICS information security news IT Information Security PLC SCADA Security News

you might also like

Pierluigi Paganini July 13, 2025
Wing FTP Server flaw actively exploited shortly after technical details were made public
Read more
Pierluigi Paganini July 13, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Wing FTP Server flaw actively exploited shortly after technical details were made public

    Hacking / July 13, 2025

    SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 53

    Breaking News / July 13, 2025

    Security Affairs newsletter Round 532 by Pierluigi Paganini – INTERNATIONAL EDITION

    Breaking News / July 13, 2025

    McDonald’s job app exposes data of 64 Million applicants

    Hacking / July 12, 2025

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Cyber Crime / July 11, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT