Israel's BAZAN Group Oil Refinery Fends Off Alleged Hack Attack
Iranian 'Cyber Avengers' Group Claims Responsibility
Overt Operator
July 31, 2023
Over the last weekend of July, Israel's largest oil refinery operator, BAZAN Group, found its website unreachable to most global users as threat actors claimed to have infiltrated the group's cyber infrastructure. Based in Haifa Bay, the formerly named Oil Refineries Ltd. generates over $13.5 billion in annual revenue and has a staff of more than 1,800, with a yearly crude oil refining capacity of roughly 9.8 million tons.
Visitors to BAZAN Group's websites, "bazan.co.il" and "eng.bazan.co.il", encountered timing out of traffic, HTTP 502 errors, or outright rejection by the company's servers. The website's inaccessibility to global users has been confirmed by BleepingComputer. Notably, the website could still be accessed within Israel, potentially indicating a geo-block imposed by BAZAN to mitigate an ongoing cyberattack.
Reports revealed the Iranian hacktivist group, 'Cyber Avengers' aka 'CyberAv3ngers', had announced over the weekend on a Telegram channel that they had compromised BAZAN's network.
On Saturday evening, the group went a step further and leaked what appeared to be screenshots of BAZAN's SCADA systems, which are software applications utilized to control and monitor industrial control systems. Screenshots included diagrams of various components such as a "Flare Gas Recovery Unit," "Amine Regeneration" system, a petrochemical "Splitter Section," and PLC code.
In response to the leak, a BAZAN spokesperson has categorically dismissed the materials as "entirely fabricated" in a statement to BleepingComputer.
The hacktivist group insinuated that it had penetrated the petrochemical giant's defenses via an exploit focusing on a Check Point firewall belonging to the company.
An IP address allegedly linked to the firewall device does indeed belong to Oil Refineries Ltd., as BleepingComputer confirmed through public records. At present, attempts to access the IP address return a "Forbidden" error message.
Refuting these claims, a Check Point spokesperson emphasized that "none of these claims are true," echoing the refinery's conclusions. The spokesperson also clarified that "no past vulnerability" could have enabled such an attack.
Furthermore, the CyberAvengers group has taken credit for the 2021 fires at the Haifa Bay petrochemical plants, attributing them to a pipeline malfunction. Previously, in 2020, the same group claimed responsibility for attacks on 28 Israeli railway stations, purportedly targeting over 150 industrial servers.