Over the weekend, the website of Israel’s largest oil refinery operator, Bazan Group, became inaccessible to most parts of the world after Iranian threat actors claimed to have successfully hacked the company’s cyber systems.
The group, Cyber Avengers or CyberAv3ngers, disclosed the news on their Telegram channel. To further support their claim, the group leaked screenshots of Bazan’s SCADA systems — crucial software applications used to monitor and operate industrial control systems.
Among the circulated materials were diagrams of key infrastructure, including the Flare Gas Recovery Unit, Amine Regeneration, a petrochemical Splitter Section, and PLC code.
Incoming traffic to Bazan Group’s websites, bazan.co.il and eng.bazan.co.il, resulted in a timeout with HTTP 502 errors or server refusals. This inaccessibility was prevalent for visitors outside of Israel, leading to speculations that Bazan may have imposed a geo-block to thwart the ongoing cyber attack.
Bazan, however, denied the authenticity of the leaked materials, labelling them as entirely fabricated. The hacktivist group hinted that they had gained access to the company’s systems by exploiting a vulnerability in a Check Point firewall.
“We are aware of recent false publications regarding a hostile group’s attempt to cyber-attack on Bazan. Please note that the information and images being circulated are entirely fabricated and have no association with Bazan or its assets. While our image website briefly experienced disruption during a DDoS attack, no damage was observed to the company’s servers or assets. This appears to be an act of propaganda aimed at spreading misinformation and causing a consciousness effect.” Bazan Group’s spokesperson told BleepingComputer.
In response to the allegations, Check Point, the firewall provider, stressed that no vulnerabilities in their product could have facilitated such an attack. They refuted Cyber Avengers’ claims, reiterating that the company’s firewall was secure.
This is not the first time Cyber Avengers has made bold claims regarding their cyber attacks. The group boasts of being responsible for the 2021 fires at Hafia Bay petrochemical plants, attributed to a pipeline malfunction, and attackers on 28 Israeli railway stations in 2020, targeting more than 150 industrial servers. However, the veracity of these prior claims remains unverified by independent sources.
Bazan Group is one of Israel’s biggest oil refineries boasting a massive annual revenue of over $13.5 billion and employing 1,800 people. The company is crucial to Israel’s energy security as it generates about 10 million tons of crude oil annually.