Israeli oil refinery BAZAN Group website reportedly down due to DDoS attack

Corporate websites of BAZAN Group, Israel’s largest oil refinery operator, are currently inaccessible from most parts of the world after its cyber systems were targeted. Over the weekend, incoming traffic to BAZAN Group’s websites, bazan.co.il and eng.bazan.co.il, was met with HTTP 502 errors or was denied access (403) by the company’s servers.

News reports have indicated that a DDoS (distributed denial-of-service) attack was involved, while Twitter messages suggest that an Iranian hacktivist group called Cyber Avengers, also known as CyberAv3ngers, claims to have compromised BAZAN Group. Additionally, in a Telegram channel, Cyber Avengers claimed that it had breached BAZAN’s network over the weekend.

On Saturday evening, the group additionally leaked what appeared to be screenshots of BAZAN’s SCADA (Supervisory Control and Data Acquisition) systems, which are software applications used to monitor and operate industrial control systems. These included diagrams of ‘Flare Gas Recovery Unit,’ ‘Amine Regeneration’ system, a petrochemical ‘Splitter Section,’ and PLC (Programmable Logic Controller) code.

Another news report said that the hacktivist group stated it had breached BAZAN’s network by exploiting a vulnerability in a Check Point firewall. The IP address associated with the firewall device is confirmed to be assigned to Oil Refineries Ltd. The threat actor posted a message on Telegram saying, “Since 2020 we’ve blown u up a lot, but the worst is yet to come.”

In addition to the website breach, Cyber Avengers claim responsibility for the 2021 fires at petrochemical plants in Haifa Bay due to a pipeline malfunction. They also claimed to have attacked 28 Israeli railway stations in 2020 by targeting industrial servers. However, at present, the veracity of these claims made by the threat actor remains unconfirmed.

In a statement to BleepingComputer, a BAZAN spokesperson dismissed the leaked materials as ‘entirely fabricated.’

“We are aware of recent false publications regarding a hostile group’s attempt to carry out a cyber-attack on Bazan,” according to the spokesperson. “Please note that the information and images being circulated are entirely fabricated and have no association with Bazan or its assets. While our image website briefly experienced disruption during a DDoS attack, no damage was observed to the company’s servers or assets. This appears to be an act of propaganda aimed at spreading misinformation and causing a consciousness effect.”

The spokesperson added that “Our cybersecurity measures are vigilant, we are working closely with the Israeli National Cyber Directorate and our partners to monitor any suspicious activity to ensure the safety and integrity of our operations.”

In April, automated irrigation systems in the northern part of Israel were briefly disrupted. The Jerusalem Post reported that hackers targeted water controllers for irrigation systems at farms in the Jordan Valley, as well as wastewater treatment control systems belonging to the Galil Sewage Corporation.

Israel’s National Cyber Directorate had warned farms prior to the incident, instructing them to disable remote connections to these systems due to the high risk of cyberattacks. Roughly a dozen farms in the Jordan Valley and other areas failed to do so and had their water controllers hacked. This led to automated irrigation systems being temporarily disabled, forcing farmers to turn to manual irrigation.

Also in April, hackers targeted the Israeli Postal Company, exposing several vulnerabilities, amidst a wave of cyberattacks against the country’s websites and institutions. The attack on Israel Post was ultimately stopped at the critical moment, and as far as is known, no sensitive information was leaked and no damage was caused.

Last month, the Canadian Centre for Cyber Security warned its oil and gas sector that medium- to high-sophistication cyber threat actors are likely to consider striking organizations indirectly by initially targeting the supply chain. The agency also expects an even chance that Canada’s oil and gas infrastructure would be affected by cyber activity against U.S. assets due to cross-border integration. These adversaries target the supply chain to obtain commercially valuable intellectual property and information from suppliers about the target organization’s networks and OT (operational technology), and as an indirect route to access a target organization’s networks.