“We are in Israel, the war with you will not be in Bahrain only.” That is what hacktivist group AlToufan wrote after defacing hundreds of Israeli websites.
The latest to join the list, at the time of publishing this report, was RotterNet, a large Israeli website for current affairs and politics.
🇮🇱 Another #Cyberattack hit big Israeli target 🚨
RotterNet (@RotterNet) website was hacked and defaced by ALTOUFAN TEAM, Rotter is a large Israeli website for current affairs and politics#ALTOUFANTEAM pic.twitter.com/ytrmYKvaTT
— DarkFeed (@ido_cohen2) February 14, 2023
According to researchers at the Cyble Research and Intelligence Labs (CRIL), the nascent politically motivated group is protesting the normalization of relations between the two countries.
The threat group has shared a video claiming to have fully compromised the systems and servers of the Social Insurance Organization of Bahrain to raise the base wages of 4,000 insured and registered Bahraini citizens.
According to CRIL, that access to the portal was obtained using info-stealer malware logs (compromised endpoints) rather than a full server compromise.
The group has been carrying out Distributed Denial of Service (DDoS) attacks and defacements against the government and public sites, including Bahrain News Agency, Bahrain Airport, Bahrain Social Insurance Organization, Bahraini daily Akhbar Al Khaleej, and National Financial and Exchange Co. and others.
The group has used the symbol of a clenched fist in their propaganda, similar to Iranian hacktivist groups like “Moses’ Staff” and “Abraham’s Ax”.
They also posted a video showcasing the use of stolen credentials to log into Bahrain’s Social Insurance employer portal and modify some accounts’ base wages. The access to the portal was likely obtained through info-stealer malware logs rather than a full server compromise.
Hacktivism on the Rise
AlToufan Team’s actions highlight the growing threat of politically motivated cyberattacks, which can cause significant damage to critical infrastructure and disrupt essential services. Organizations must remain vigilant and take proactive measures to safeguard their networks and systems against such attacks.
Hacktivist groups based in the Middle East have been utilizing a variety of tactics to further their cause, such as defacing websites, carrying out distributed denial-of-service attacks (DDoS), and infiltrating databases to gain access to sensitive information.
It has been reported that certain members of these groups have also taken to disclosing the confidential information they have obtained as a means of bringing to light instances of misconduct or unethical behavior by institutions, corporations, or governments
The use of hacktivism, which involves the use of hacking and computer technology for political or social activism purposes, is frequently linked to certain groups like Anonymous.
Such groups have gained notoriety for executing prominent attacks against corporations and government agencies in the Middle East, with the objective of shedding light on the unjust practices of governments.
While the effectiveness of hacktivism as a tool for bringing about social change is often debated, some proponents argue that it can be a valuable means of highlighting important issues and holding powerful institutions responsible for their actions.
Defacements and DDoS attacks: Understanding risks and mitigations
The two tactics most commonly used by hacktivist groups are defacements and Denial of Service attacks. Defacements happen when someone changes the content of a website to harm the organization or spread false information. DDoS attacks occur when a website is flooded with too much traffic, making it unusable.
Organizations can follow simple steps to protect themselves. They can use a Web Application Firewall (W.A.F.) or DDoS protection service to stop attacks.
They can also make sure their production servers aren’t accessible to the internet, which makes it harder for attackers to target them.
They can redirect all traffic through the W.A.F. to block any bad traffic and limit the amount of traffic allowed to access the website or web service.
Organizations can also consider using a Content Delivery Network (C.D.N.) and backup servers to make their website available even during a DDoS attack. Lastly, it’s important to back up site data so they can recover from any attacks that result in data loss.