Heimdal

The BAZAN Group’s website has been inaccessible since this weekend due to a DDoS attack. The Iranian hacktivist group “Cyber Avengers” (“CyberAv3ngers”) claims to have breached the Group’s security systems and exfiltrated data.

Israel’s largest oil refinery operator is based in Haifa Bay, generates an annual revenue of $13.5 billion, has more than 1,800 employees, and can refine roughly 9.8 million tons of crude oil in total annually.

Details About the Attack

Incoming traffic to BAZAN Group’s websites, bazan.co.il and eng.bazan.co.il, is either receiving HTTP 502 errors or being refused outright by the company’s servers.

BleepingComputer confirmed that the oil refinery’s website has been made inaccessible for most visitors from around the world.

In our tests, the website was, however, accessible from within Israel, possibly after imposition of a geo-block by BAZAN in an attempt to thwart an ongoing cyberattack.

Source

The “Cyber Avengers” hacktivist group claimed the DDoS attack on a Telegram channel. On Saturday evening, the group also published what appeared to be screenshots of BAZAN’s SCADA systems, the software used to monitor and manage industrial control systems.

The leaks included diagrams of a “Flare Gas Recovery Unit,” an “Amine Regeneration” system, a petrochemical “Splitter Section,” and PLC code.

BAZAN Group, Israel's Largest Oil Refinery, Had Its Website Hit by a DDoS Attack

Source

The hackers said they breached the company using an exploit targeting a Check Point firewall. BleepingComputer confirmed that the firewall’s IP address is assigned to Oil Refineries Ltd.

BAZAN Denies the Data Leak

A spokesperson for BAZAN has denied the authenticity of the leaked materials.

We are aware of recent false publications regarding a hostile group’s attempt to carry out a cyber-attack on Bazan. Please note that the information and images being circulated are entirely fabricated and have no association with Bazan or its assets. While our image website briefly experienced disruption during a DDoS attack, no damage was observed to the company’s servers or assets. This appears to be an act of propaganda aimed at spreading misinformation and causing a consciousness effect.

Source

The spokesperson added that the company is collaborating closely with the Israeli National Cyber Directorate to watch for any unusual activity, and that its cybersecurity measures are working to ensure the safety of operations.

Check Point also labeled the claims about the exploit as untrue, stating that no such vulnerability exists.

“Cyber Avengers” also bragged about being responsible for the pipeline breakdown that resulted in fires in 2021 at the petrochemical factories in Haifa Bay. Previously, in 2020, they also claimed attacks on 28 Israeli railway stations by targeting more than 150 industrial servers.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content.