The threat to industrial plants: GhostSec hackers compromise critical control systems

The hacktivist group "GhostSec," which was recently observed targeting Israeli PLCs (Programmable Logic Controllers), has continued to demonstrate its ICS (Industrial Control Systems) hacking capabilities and has now turned its attention to the recent waves of protests in Iran.

David Krivobokov, Research Team Leader at OTORIO, an expert in operational technology (OT) systems security, addresses the current attacks:

"The hackers have released several images as evidence of successfully "hacked" systems. These screenshots show the use of SCADA modules from the Metasploit framework and a MOXA E2214 controller admin web portal after a successful login. However, it is not clear what the ultimate damaging impact of the "breached" systems is, but the case once again shows the ease and potential impact of attacking ICS that have insufficient security accounts.

(Image source: OTORIO)
(Image source: GhostSecs Telegram Channel)

In this case, the hacker collective used the Metasploit framework to attack ICS targets. Metasploit is a powerful and modular framework that enables the execution of various attacks against remote assets. Kali Linux is a Linux distribution for hackers that includes Metasploit "out-of-the-box" as well as provides specific modules for attacks on OT systems. This toolbox allows inexperienced hackers, for example, to scan Internet scanners for potential ICS targets that have open ports and use industry protocols - such as Modbus over port TCP 502 or CIP over TCP port 44818 - and then apply SCADA modules or other ICS attack tools to them.

The most worrying aspect of this development is that GhostSec had compromised PLC web interfaces two weeks ago, but is now quickly starting to look for new open source tools and to get to know different OT protocols and their capabilities better. The group of hacktivists seems to be highly motivated and has skills that are getting stronger every time.

VISULOX - the indispensable portal for secure remote support

VISULOX provides risk-based insights and optimized solutions to protect its customers' complex IT and OT environments. We help them gain insights into the cybersecurity posture of their production environment where OT and IT domains exist and interact. With our transparent security solutions, all remote access to IT systems by privileged users and administrators can be controlled centralized .

VISULOX gives employees individualized access rights. Companies maintain compliance with legal regulations and requirements through control solutions. We provide remote access management with transparency and security. In addition, we cover the entire OT cybersecurity spectrum in our assessment by following industry-recognized standards and covering topics such as risk management, governance, incident response, and identity management.

With our VISULOX Remote Support Security solution you benefit from: 

  • ... efficient management of privileged access, which increases the security of your company.
  • ... a fast implementation that allows you to protect your remote accesses after just a few hours and without massive financial outlay.
  • ... a tool that allows you to better track, troubleshoot and prove errors when working on your infrastructure.

Don't leave the security, especially in the previously neglected OT area of your company to chance, but use VISULOX Remote Support, a tool that adapts to you and your individual situation. 

In recent years, we have protected customers in a wide range of industries from criminal activities - from logistics to suppliers and IT companies to critical infrastructure. Convince yourself of our expertise and arrange a non-binding initial consultation

We look forward to meeting you and showing you how our Security Remote Support solution protects your sensitive data and access to your infrastructure. 

We have more topics we like to write about.

Cookie Consent with Real Cookie Banner