Thousands of Israeli websites defaced by ‘Hackers of Savior’

Thousands of Israeli websites defaced by ‘Hackers of Savior’

Thousands of Israeli websites defaced by ‘Hackers of Savior’

A relatively new hacker group calling itself ‘Hackers of Savior’ has been found attacking and defacing thousands of Israeli websites since April by exploiting a WordPress vulnerability.

The campaign was discovered by experts at cyber security firm Radware who noted that a majority of the websites targeted by ‘Hackers of Savior’ were hosted on uPress, a popular WordPress hosting provider. The hackers exploited a vulnerability in a WordPress plugin to distribute their defacing exploits, forcing uPress to take urgent steps to restore the affected Israeli websites.

Even though Radware did not find any evidence of the hacker group being connected to a nation state, it said that the group's campaign began around the same time when Iran launched a cyber attack targeting Israel's national water infrastructure, forcing the latter to conduct a cyber attack targeting Iran's port facilities.

The firm said that Hackers of Savior carried out its first attack towards the end of April and publicized the attack on Israeli websites as "their first big surprise". The group has promised to target Israeli infrastructure in the future and according to Radware, the group's primary aim is to spread propaganda.

"Expect the Hackers of Savior, and potentially other threat actors, to exploit the tensions between Israel and Iran over the coming days. These attacks will likely be linked to Quds Day or #OpJerusalem. When attributing these attacks, caution should be exercised to avoid attributing them to Israeli or nation-state operators," the firm added.

While it remains to be seen how Israel reacts to the latest spate of cyber attacks specifically targeting thousands of Israeli websites, the country carried out an airstrike on Hamas' headquarters for cyber operations after the organisation carried out a cyber attack on Israeli assets in May last year.

"We thwarted an attempted Hamas cyber offensive against Israeli targets. Following our successful cyber defensive operation, we targeted a building where the Hamas cyber operatives work. HamasCyberHQ.exe has been removed," Israeli Defence Forces posted on Twitter on 5th May.

The attack on Hamas' headquarters for cyber operations located in the Gaza strip took place around the same time when Israeli forces carried out punitive airstrikes on buildings owned by Hamas after the organisation allegedly fired over 700 rockets on Israeli territory that resulted in the death of four Israeli citizens.

Copyright Lyonsdown Limited 2020

Top Articles

SITA data breach compromised data associated with multiple international airlines

SIT, has revealed it recently suffered a major cyber attack that compromised information belonging to customers of several airline companies.

COVID-19-forced work shifts prompting shifts in IT priorities

IT and security teams are changing their priorities to adjust with remote work to ensure productivity amidst COVID-19 related lockdowns.

Tips for building a cyber-security war room

Cyber security war rooms are essential but you need the right team of decision makers to be involved & you need to practice a variety of scenarios

Related Articles