Cybersecurity | 31 July 2023 | cyberdaily.securelayer7.net

Bazan Group Cyber Attack Highlights Cybersecurity Vulnerabilities

The Bazan Group, Israel's leading oil refinery, faced a DDoS cyber attack this weekend, leading to significant operational issues and raising concerns over cybersecurity in critical infrastructure.

Key Takeaways

1. The leaked images reportedly showcased diagrams including a “Flare Gas Recovery Unit” and a petrochemical “Splitter Section.” According to reports from BleepingComputer, the leaked materials included PLC code, prompting serious concerns about the extent of the breach.
2. “At no point have we confirmed that any of the leaked materials are authentic,” a Bazan spokesperson stated.
3. Notably, the IP address implicated in the claims does belong to Oil Refineries Ltd., as verified through public records, but it now returns a “Forbidden” error message when accessed, adding to the uncertainty.

The Bazan Group, a key player in Israel's energy sector, experienced a major disruption this past weekend due to a cyber attack. This incident resulted in the unexpected shutdown of its website after a Distributed Denial of Service (DDoS) attack was reported, causing considerable concern within the industry.

Employing over 1,800 individuals and generating annual revenues exceeding $13.5 billion, Bazan is not just an ordinary oil refining entity. The refinery has a substantial capacity, processing up to 9.8 million tons of crude oil annually.

“Visitors to the Bazan sites, including bazan.co.il and eng.bazan.co.il, encountered timeouts and HTTP 502 errors, indicating the servers were refusing connections,” said a source familiar with the incident. Reports confirmed that these sites were inaccessible globally, although they remained reachable from within Israel. It is speculated that a geo-block placed by Bazan may have been an attempt to stave off the cyber attack.


Claiming responsibility for the attack was the Iranian hacktivist group known as ‘Cyber Avengers’ or ‘CyberAv3ngers.’ They first announced their involvement over the weekend via a Telegram channel, creating a stir in the cybersecurity community.

On Saturday night, the group leaked what appeared to be screenshots from Bazan’s SCADA systems, which are crucial for monitoring and controlling industrial processes. These images reportedly showcased diagrams including a “Flare Gas Recovery Unit” and a petrochemical “Splitter Section.” According to reports from BleepingComputer, the leaked materials included PLC code, prompting serious concerns about the extent of the breach.

However, a spokesperson for Bazan dismissed the leaked documents as “entirely fabricated,” suggesting that they did not represent genuine data or operational details. “At no point have we confirmed that any of the leaked materials are authentic,” they stated.

By the Numbers

Despite Bazan's denial, the hacktivist group hinted at exploiting a vulnerability within the refinery’s Check Point firewall, which further fueled concerns about the attack's severity. Notably, the IP address implicated in the claims does belong to Oil Refineries Ltd., verified through public records, but it now returns a “Forbidden” error message when accessed, adding to the uncertainty.


A Check Point spokesperson later rebutted the claims, stating that no known vulnerability in its products could have facilitated such an attack, in an attempt to alleviate fears regarding the security of the refinery's systems.

The Cyber Avengers are known for previous high-profile claims, including a cyber attack that allegedly led to fires at the Haifa Bay petrochemical plant in 2021 and alleged attacks on 28 Israeli railway stations in 2020, along with hundreds of industrial servers. However, the validity of their past assertions has not been independently verified by BleepingComputer or other outlets, leaving some skepticism as to the group’s credibility.

As the dust settles from the Bazan incident, experts warn of the broader implications such attacks have on critical infrastructure. “The random and opportunistic nature of these backdoors is alarming,” warned a cybersecurity analyst. “It emphasizes the ease with which attackers can target systems, particularly those with poor security protocols.”

This incident serves as an urgent reminder for industries, especially those within critical infrastructure sectors, to prioritize robust cybersecurity measures. Whatever the origin or authenticity of the leaked documents, the ongoing threat to digital security remains palpable, illustrating the need for heightened vigilance in protecting against cyber threats.