istock.com/mirsad sarajlic
Flashpoint, a leading provider of threat intelligence data and reporting, has been providing almost daily updates on cybersecurity developments since U.S. military actions in Iran began on February 28. The following information summarizes some their findings over the past week.
- NoName057(16). Operating under the "#OpIsrael" campaign, this pro-Russian group claims to have gained full access to an Israeli water management system. They claim visibility and control over pump activity, pressure, and water flow via a SCADA interface, as well as access to the engineering equipment of an industrial facility. These claims remain unverified.
- Fatemiyoun Electronic Team. This Iran-backed militia group claimed responsibility for a denial-of-service attack against the Kuwaiti News Agency. Flashpoint analysts observed that the site was inaccessible, indicating a likely legitimate and successful disruption.
- FAD Team (Fynix). The Iranian "hacktivist" group claimed the breach of a Saudi sectarian website and threatened to leak a file containing contact information for over 200 Israeli journalists, civilians and soldiers. Identifying with the "Islamic Resistance in Iraq," this group also claimed responsibility for breaching the Israeli academic platform "WeLearn" and the Saudi "Maad Hospitality Towers," exfiltrating emails and platform data.
- Handala: Perhaps the most notorious and well funded Iran-backed hacker group, Handala issued a direct threat on Telegram, stating, "Benjamin Netanyahu; the main target soon. The countdown has begun." This pro-Palestinian group also claimed a massive breach of Saudi Aramco - Saudi Arabia's primarily state-owned oil company - alleging that they destroyed the company's infrastructure and ceased oil extraction. They released proof-of-concept documents and internal schematics in an attempt to verify the attack.
- Threats to the Tech Sector. Pro-Islamic Revolutionary Guard Corps propaganda channels are circulating claims that Google may become a target, framing the company as a "technology assistant to the U.S. military." Note: These are unverified claims from propaganda sources, but they represent a notable shift in targeting rhetoric.
- PalachPro & NoName057(16): A new group, PalachPro, has signaled coordination with Iranian hackers to amplify cyber campaigns against U.S. and Israeli targets.
- Industrial Control System (ICS) Targeting. The "Cyber Islamic Resistance Axis" claimed penetration of over 130 remote control systems belonging to Control Applications LTD in Israel and other countries.
- Logistics Sabotage. Pro-Iranian actors detailed a successful intrusion into the Jordan Silos and Supply General Company, claiming they gained access via phishing.
- Government/Commercial Disruption. Attacks continued against government and commercial entities in Gulf states, including DDoS and data breach claims against the Bahrain Communications Regulatory Authority, Dubai Medical City, and the Zayed Charitable & Humanitarian Foundation.
- CyberAv3ngers. Mr. Soul (who has been linked to the Iranian CyberAv3ngers group) announced a return to operations. This group was linked to ICS attacks on water treatment and beverage processing enterprises in the U.S. and Israel in 2023.
