GhostSec (for Ghost Security) is a hacktivist group active since 2015, the date of their first attacks against sites that preach radical Islamism. In late February 2022, the group took Ukraine’s side at the start of the conflict with Russia.
But on 4 September 2022 on its Telegram channel, GhostSec claimed it had taken control of an Israeli industrial organisation’s PLC in defence of Palestine. The hackers demonstrated a successful login to the PLC’s administration panel and transferred data from the hacked controllers.
Soon after, GhostSec claimed that it had compromised 55 Berghof PLCs used by Israeli organisations, as part of its “Free Palestine” campaign.
According to cybersecurity firm Otorio, this compromise arose from these PLC’s “trivial” Internet connection security. “Despite the low impact of this incident, this is a great example where a cyberattack could have easily been avoided by simple, proper configuration,” the researchers said.
This attack is part of a wider set of cyber-offensives from the group against Israeli SCADA/ICS systems. GhostSec also said that it had limited the extent of the attack so that no “innocent Israeli” would suffer, stating that they always fought “for the people not against them”.