Thousands of Israeli Websites Defaced by ‘Hackers of Savior’

Hundreds or even thousands of Israeli websites were victims of a cyberattack campaign by a group of hackers to mark Al-Quds (Jerusalem) Day. The group, known as ‘Hackers of Saviour’, reportedly contains nine members, all from Muslim countries, such as Turkey, Palestine, Morocco, Egypt, and Gaza.

What happened

The notorious hacktivist group, Hackers of Savior, showed its presence with a Facebook page created in April of 2020, and has been attacking different organizations since then.
  • Hackers of Savior group carried out a website defacement campaign against more than 2,000 Israeli websites. The group called it their ‘first step’ in targeting Israeli infrastructure and were using the campaign as a platform to call for volunteers.
  • A majority of the defaced websites were located on uPress, a popular WordPress hosting provider. They used a security vulnerability in a WordPress plugin to distribute their exploits.
  • The targeted sites included those of Bang and Olufsen Israel, Bet Gabriet, Yad L'Ahim, and several religious Jewish high schools and post-high school programs.
  • The attackers replaced the defaced home pages with images of the country's commercial capital Tel Aviv in flames. The pages were replaced with the slogan. They tried to gain personal information from users with malicious code seeking permission to access visitors' webcams.

Other recent attacks on Israeli organizations

In recent times, many Israeli individuals and organizations were hit by severe cyberattacks, most of which were attributed to state-sponsored hackers.
  • In April 2020, unknown hackers targeted Israeli water supply and treatment facilities. They attempted to disrupt the networks of wastewater treatment plants, water pumping stations, and sewers.
  • In the same month, the Florentine Banker group launched a targeted phishing campaign against Israel-based finance sector firms and top individuals inside the victim companies like CEOs, CFOs, and other key personnel.
  • The Florentine Banker group managed to trick three British private equity firms into wire-transferring a total of $1.3 million to their bank accounts via a carefully-planned man-in-the-middle (MITM) attack.

Stay safe

Users should encrypt and backup their data to protect it from cybercriminals. Use sound security practices to prevent infiltration or damage to your computer without your knowledge. Users should run a trusted anti-virus protection program, do periodic scans for spyware, and avoid clicking on suspicious email links or websites.