Wide concern over GPS spoofing incidents, previously thought to be impossible, in Middle East

October 16, 2023

OPSGroup reports: since first discovered, additional distinct spoofing scenarios have been reported by flight crews:

- A Gulfstream G650 experienced full nav failure on departure from LLBG/Tel Aviv (25 Oct). The crew reports, “ATC advised we were off course and provided vectors. Within a few minutes our EPU was 99.0, FMS, IRS, and GPS position were unreliable. The navigation system thought it was 225nm south of our present position.”
- A Bombardier Global Express was spoofed on departure from LLBG/Tel Aviv (16 Oct). A false GPS position showed position as overhead OLBA/Beirut. Crew advises “The controller warned us that we are flying towards a forbidden area”.
- A Boeing 777 experienced a 30 minute GPS spoofing encounter in the Cairo FIR (16 Oct). A false GPS position showed the aircraft as stationary overhead LLBG for 30 minutes.
- A Bombardier Global 7500 was spoofed 3 separate times in the Cairo FIR (16 Oct 2023). Crew advises: “The first took out one GPS, the second took out a GPS and all 3 IRS’s, and the third time took both GPS’s and all 3 IRS’s.” The distance from LLBG was roughly 220-250 miles, and the spoofing stopped once we were approx 250nm west of LLBG.
- An Embraer Legacy 650 enroute from Europe to Dubai. They tell us, “In Baghdad airspace, we lost both GPS in the aircraft and on both iPads. Further, the IRS didn’t work anymore. We only realized there was an issue because the autopilot started turning to the left and right, so it was obvious that something was wrong. After a couple of minutes we got error messages on our FMS regarding GPS, etc. So we had to request radar vectors. We were showing about 80 nm off track. During the event, we nearly entered Iran airspace (OIIX/Tehran FIR) with no clearance.”
- A Bombardier Challenger 604 experienced spoofing in the Baghdad FIR and required vectors all the way to Doha. “Nearing north of Baghdad something happened where we must have been spoofed. We lost anything related to Nav and the IRS suggested we had drifted by 70-90 miles. We had a ground speed of zero and the aircraft calculated 250kts of wind. The FMS’s reverted to DR (Dead Reckoning) and had no idea where they were. We initially took vectors to get around the corner at SISIN. Nav capability was never restored, so we required vectors all the way from Iraq to Doha for an ILS. We never got our GPS sensors back until we fired up the plane and went back to home base two days later.”

Disruption at Israel Postal Company after Cyberattack Lasts for 6+ Days

April 5, 2023

The Israel Postal Company detected that several services, including the sending of international mail and courier services, were interrupted, and proactively shut down part of its computer systems. The attack and shutdown did not affect Israel Post’s banking services. The attack was part of the #OPIsrael hacktivist campaign.

Hacktivists Attack on Israel’s Rail Network

September 16, 2023

Israeli media reported that “Israel’s” railroad network has been targeted by a cyberattack. The Cyber Avengers hacker group has revealed information showing that it targeted the Israeli railroad system’s electrical infrastructure.

Since 2020, the Cyber Avengers has hacked into and carried out numerous cyberattacks against the Israeli railroad systems, as per their Telegram channel. The group warned that if the Israeli occupation continues to pursue its crimes, it would deliver dreadful blows to Israeli infrastructure.

DDoS attack at Israel’s Largest Oil Refinery

July 29, 2023

The website of Israel’s largest oil refinery operator, BAZAN Group, became inaccessible to most parts of the world on Sunday due to a potential cyber attack. The website remained accessible from within Israel, possibly after imposition of a geo-block by BAZAN in an attempt to thwart an ongoing cyber attack. In a Telegram channel, Iranian hacktivist group Cyber Avengers has claimed responsibility and leaked what appear to be screenshots of BAZAN’s SCADA systems. The group states that it breached the petrochemicals giant via an exploit targeting a Check Point firewall at the company.

In a statement to BleepingComputer, a spokesperson for BAZAN has dismissed the leaked materials as “entirely fabricated.” An Iranian hacktivist group called Cyber Avengers, also known as CyberAv3ngers, claims to have compromised BAZAN Group.

Hackers take control of a water treatment system at a hotel in Israel

September 10, 2022


GhostSec’s claimed breach of 55 Berghof PLCs in Israel. This weekend, on September 10, 2022, the hacktivist group published another announcement alleging that it successfully breached another controller in Israel. The affected controller is an Aegis II controller manufactured by ProMinent.

According to images that GhostSec published, the group appeared to have taken control of a water system’s pH and chlorine levels. In the published message, the hacktivists said they “understand the damages that can be done …” and that the “Ph pumps” are an exception for their anti-Israeli cyber campaigns.

Attack Disables Irrigation Systems and Disrupts Water Treatment Processes

April 9, 2023

Several water monitors – which monitor irrigation systems and wastewater treatment systems – were left dysfunctional on Sunday after a cyber attack targeted the monitoring systems. Specifically, water controllers for irrigating fields in the Jordan Valley were damaged, as were control systems for the Galil Sewage Corporation.

The management of both major systems spent all of Sunday morning working through the issue to bring the systems back into full operation. Farmers in the region were warned several days prior about suspicions over a planned cyber attack. Some of them, as a result of the warning, disconnected the remote control option for their irrigation systems and switched them to manual operation instead, to prevent any harm from the attack. Indeed, those who left their systems on remote control were the ones impacted by the attack.

The attack is thought to be part of an annual “hacktivist” campaign that takes place every April, and this year’s attempt at least managed to cause a nuisance for some farms in the Jordan Valley. The cyber attack is part of an annual campaign called “OpIsrael,” which strikes in April with DDoS attacks and breach attempts on targets in the country.

Each year of the cyber attack campaign seems to bring new targets of opportunity. This year the threat actors put a special focus on irrigation systems. The Galil Sewage Corporation was one of the targeted wastewater processors that was breached, and the company reports that the cyber attack blocked several controllers for about a day and disrupted some treatment processes.

Israel Water Monitoring Systems in Cyber Attack

April 9, 2023

Several water monitors – which oversee irrigation systems and wastewater treatment systems – were not operational this past Sunday after a cyber attack targeted the systems.
Specifically, water controllers for irrigating fields in Israel’s Jordan Valley suffered damage along with control systems for the Galil Sewage Corporation.
Workers for the two systems worked throughout the day to get the systems back up and running. The source of the cyberattack, however, is unknown, according to a report in the Jerusalem Post.

Hackers Accessed HMIs at Israeli Water Facility

December 1, 2020

An Iranian threat-actor published a video of a breach in an Israeli reclaimed water reservoir HMI system. According to industrial cybersecurity firm OTORIO, the hackers accessed a human-machine interface (HMI) system that was directly connected to the internet without any authentication or other type of protection. The target was apparently a reclaimed water reservoir. “This gave the attackers easy access to the system and the ability to modify any value in the system, allowing them, for example, to tamper with the water pressure, change the temperature and more. All the adversaries needed was a connection to the world-wide-web, and a web browser,” OTORIO said in a blog post.

PLCs Targeted in Water and Wastewater Facilities Attacks in Israel

April 24, 2020

The Israeli government revealed that wastewater treatment plants, pumping stations and sewage facilities across the country were targeted in a coordinated attack on April 24 and 25. Sources told SecurityWeek that the attackers targeted programmable logic controllers (PLCs) used to control valves. The changes made to the PLC logic were valid, which indicates that the attackers knew exactly what they were doing. The attack may have been discovered after the compromised PLCs caused suspicious valve changes, but it’s unclear if the attackers were trying to cause damage by tampering with valves or if they made an error that led to their discovery.

Hillel Yaffe Hospital Ransomware Attack Paralyzed Majority of Hospital’s Computer Systems

October 13, 2021

According to reports, among the affected systems are the hospital’s electric doors, as well as the patient registry system – which severely hampered the medical center’s ability to receive and discharge patients. Some non-urgent procedures were canceled, but most of the hospital’s work continued using alternative IT systems and pen and paper. Cybersecurity experts said the hospital did not deploy the best possible security options, making it vulnerable to attack.

The hospital was back to being fully operational over a month after a ransomware attack. To reduce their vulnerability to follow-up attacks, medical centers across Israel shut down some IT systems.
