A joint advisory from members of the National Council of ISACs (NCI) urged organizations across critical infrastructure sectors to strengthen preparedness. The security groups said that Iranian state-sponsored hackers, aligned hacktivists and vast cybercriminal networks could increase cyberattacks, taking advantage of the regional escalation in the Middle East.
As geopolitical crises escalate to a new level, there is also a risk of physical attacks, with public spaces and essential services as potential targets. The bulletin stresses that the warning is intended to raise awareness across industry rather than indicate confirmed increases in malicious activity.
Prominent hacking groups have emerged strongly in recent times, inflicting massive financial losses according to reports and statistics. They have targeted ICS and technology environments more broadly. It is high time organizations put extra security preparedness in place to reduce security incidents.
Key Updates & Observations
The bulletin stresses that the warning is intended to raise awareness across industry rather than indicate confirmed increases in malicious activity.
WaterISAC is sharing a new (TLP:CLEAR) joint advisory developed with several ISAC partners, led by IT-ISAC, regarding the evolving conflict in the Middle East and its potential implications for critical infrastructure organizations.
Members of the National Council of ISACs (NCI) have collaborated on this joint bulletin to raise awareness across the critical infrastructure community of this common threat to critical infrastructure and global business more generally.
There are confirmed disruptions to cloud services resulting from a kinetic attack, demonstrating, yet again, but in a new way, how physical security incidents can cause cyber impacts.
The advisory points out that Iran is a formidable cyber adversary that hosts several prominent state-sponsored threat groups.
Past observations led them to conclude that these operations may include cyber espionage, as well as disruptive and financially motivated cybercrime leading to ransomware attacks.
Security observers raise additional concerns over potential indicators that Russian-backed affiliated threat actors may align with Iranian actors, exacerbating the existing risk to critical infrastructure organizations.
The bulletin mentions that any ISAC’s participation in this advisory is not an indication that the ISAC or its individual members are experiencing increased threat actor activity.
Several groups have emerged as notable threats to critical infrastructure, as listed below:
Sandcat Hacking Group – targets industrial control systems and operational technology environments, often exploiting internet-exposed ICS (industrial control systems) and SCADA (supervisory control and data acquisition) devices that use default credentials or unpatched vulnerabilities.
Handala Group – known as Void Manticore, focuses on psychological operations and hack-and-leak campaigns, primarily targeting Israeli organizations and companies connected to Israel through phishing and SMS-based social engineering.
Cyber Islamic Resistance or Team 313 – this hacking group functions as a loose coordination network that organizes disruptive campaigns across multiple hacktivist groups targeting entities in the Middle East, the U.S., and parts of Asia.
Fatimion Cyber Team or FAD Team – focuses on destructive operations, including wiper malware and large-scale SQL injection campaigns. They also claimed unauthorized access to SCADA and PLC systems in several countries.
OilRig (APT34) – specializes in cyber espionage and intelligence gathering. This group has a history of targeting critical infrastructure in the Middle East, and its operations have expanded to other regions, including the United States. The group uses spear-phishing campaigns, including LinkedIn-based attacks, to gain initial access and deploys custom malware alongside exploits for known vulnerabilities.
Conclusion: