Posted on August 2, 2023 at 2:08 PM
BAZAN Group Targeted By A DDoS Campaign That Made The Company’s Website Inaccessible
The website of the largest oil refinery operator in Israel, BAZAN Group, has been targeted by a threat actor group that claims to have launched a distributed denial-of-service (DDoS) attack. The hacking campaign has left the company’s website inaccessible from many parts of the world.
BAZAN Group targeted by a DDoS campaign
BAZAN Group, based in Haifa Bay, was previously known as Oil Refineries Ltd. The company has annual revenues of more than $13.5 billion. It also employs over 1,800 people, making it one of the largest companies in Israel.
The total oil refining capacity offered by the company is around 9.8 million tons of crude oil annually. As one of the largest players in the crude oil industry, the hacking campaign on the company has resulted in significant damage to its operations.
The websites targeted by an influx of traffic are bazan.co.il and eng.bazan.co.il. The DDoS campaign launched against these two websites left them inaccessible to users, with requests returning HTTP 502 errors. Access to these websites was also refused by the company’s servers.
According to reports, the website of this oil refinery company has been inaccessible to many people globally. The tests by the company on the issue also indicate that while the website was not accessible from other countries, it was accessible in Israel. The DDoS campaign did not affect Israeli users because the company has imposed a geo-block to mitigate against potential cyber-attacks.
Iranian hacktivist group claims responsibility
A hacktivist group based in Iran known as Cyber Avengers or CyberAv3ngers has claimed responsibility for this hacking campaign. The group said it had illegally accessed the company’s network during the weekend.
The hacker group also appeared to have leaked information it claimed to have stolen from the company. The leaked data includes screenshots of the SCADA systems used by BAZAN. These systems include software applications used in monitoring and operating industrial control systems.
The leaked images also featured diagrams of a Flare Gas Recovery Unit, an Amine Regeneration system, a petrochemical Splitter Section and PLC code. The stolen data indicates that this hacking activity might have significantly damaged the targeted company.
A spokesperson from the company also reached out to BleepingComputer and dismissed the allegations of hackers accessing company data. DDoS attacks focus on flooding an online platform with traffic to make it inaccessible. However, in such cases, the hacker does not necessarily gain access to the company’s data. This will only happen in cases where the hackers used the DDoS attack as a smokescreen to conduct another attack.
“We are aware of recent false publications regarding a hostile group’s attempt to carry out a cyber-attack on Bazan. Please note that the information and images being circulated are entirely fabricated and have no association with Bazan or its assets,” the company said.
However, the company admitted to the DDoS campaign, saying that while the attack caused service disruption, there was no significant damage to the company’s assets or servers. The company also said that the hacking campaign appeared inspired by propaganda to spread false information and cause panic.
BAZAN said that its cybersecurity systems were robust to mitigate against such attacks. It also noted that it worked alongside the Israeli National Cyber Directorate and its partners to monitor suspicious activity and ensure safe operations.
The statement from the hacktivist group behind this hacking campaign also said that it gained entry to the petrochemicals giant through a hack that targeted the company’s Check Point firewall.
The IP address of the Check Point firewall belongs to the company, according to public records. A spokesperson from Check Point said that none of the claims made by these hackers were accurate and that the oil refinery’s findings were correct in that the hackers did not access company information.
It is not the first time that CyberAvengers has targeted the oil industry. The group claimed responsibility for the 2021 incident at the Haifa Bay petrochemical plants, which was attributed to a pipeline malfunction.
In 2020, the hacker group claimed responsibility for a breach that targeted 28 railway stations in Israel after compromising over 150 industrial servers. However, none of these claims have been verified independently.