On May 21, 2020, a new hacktivist group going by the name ‘Hackers of Savior’ launched a defacing campaign targeting thousands of Israeli websites.
Read the Complete Alert
Background
On May 21, 2020, a new hacktivist group going by the name ‘Hackers of Savior’ launched a defacing campaign targeting thousands of Israeli websites.
Figure 1: Defaced website
There has been significant cyber activity over the previous two months leading up to the website defacing campaign. In April of 2020, Iran launched a cyberattack against Israel’s national water infrastructure. While no significant damage occurred, the cyberattack effected six facilities with impacts ranging from unauthorized access to data destruction. In retaliation, Israel launched a disruptive attack targeting Iran’s port facilities. This was followed by a warning from the Israel National Cyber Directorate in the middle of May about looming cyberattacks targeting Israel as part of the Anonymous operation #OpJerusalem and in association with the eve of Quds Day, an annual event held on the last day of Ramadan that was initiated by Iran in 1979.
The new website defacing campaign is being carried out by a new hacktivist group, Hackers of Savior, who formed on Facebook in April of 2020. At the time of publication, there is no indication that they are related to a nation state. On May 21, 2020, Hackers of Savior carried out what they called their ‘first step’ in targeting Israeli infrastructure and are using this attack as a platform to call for volunteers. Reports indicate that Hackers of Savior used a security vulnerability in a WordPress plugin to distribute their defacing exploits. A majority of the defaced websites were located on uPress, resulting in the vendor issuing a statement about the cyber event.