Incident

Website of Israel's largest oil refinery offline, suspected cyber attack



Israel's largest oil refinery operator, BAZAN Group, was targeted by a Distributed Denial of Service (DDoS) attack that left its websites, bazan.co.il and eng.bazan.co.il, inaccessible from various locations worldwide. The attack was attributed to threat actors who claimed to have successfully hacked the Group's cyber systems.

During the weekend, visitors attempting to access BAZAN's websites faced several issues, including timeouts, HTTP 502 errors, and refusals from the company's servers. It was confirmed that the website became inaccessible for most users globally. However, it was still accessible from within Israel, leading to speculation that BAZAN had implemented a geo-block to counter the ongoing cyber attack.

An Iranian hacktivist group known as 'Cyber Avengers' or 'CyberAv3ngers' claimed that they had caused the DDoS as a distraction to successfully infiltrate BAZAN's network. To verify their claims, the group leaked screenshots purportedly belonging to BAZAN's SCADA systems. These screenshots included diagrams of critical systems such as a "Flare Gas Recovery Unit," an "Amine Regeneration" system, and a petrochemical "Splitter Section," as well as PLC code.

According to BAZAN, the company's servers and assets remained unaffected, and the disruption was primarily due to the DDoS attack. The company claims that the leaked information aims to spread misinformation and cause confusion.

However, the hacktivist group hinted that they had exploited a vulnerability in a Check Point firewall at the company to breach its systems and shared an IP address of the firewall. While the IP address can be confirmed to be assigned to BAZAN, it currently just returns a 403 "Forbidden" error message when accessed.

Check Point, the provider of the firewall, refuted the hacktivist group's claims, stating that there were no past vulnerabilities that could have enabled such an attack. They reiterated the findings of the refinery.

 
