Israel’s premier oil refinery operator, BAZAN Group, faced an unexpected shutdown of its website. This shutdown came after a Distributed Denial of Service (DDoS) attack. The company, once known as Oil Refineries Ltd., plays a major role in the energy sector. It makes more than $13.5 billion per year. It also employs over 1,800 staff members.
Bazan Group is Massive Oil Refining Capacity
BAZAN is not a small player in the market. Its refining capacity reaches 9.8 million tons of crude oil per year. The company is proud of this achievement.
Details of the Website Outage of Bazan Group
The incident happened over the weekend. Visitors to the sites bazan.co.il and eng.bazan.co.il faced timeouts. They saw HTTP 502 errors. The company’s servers refused the connections. Reports confirmed the sites were down. They were inaccessible to global users.
Interestingly, the sites were accessible from Israel. It is believed that a geo-block by BAZAN was the cause. The block may have been an attempt to stop the cyber attack.
Who Claimed Responsibility?
The Iranian hacktivist group known as ‘Cyber Avengers’ or ‘CyberAv3ngers’ claimed the attack. They announced the breach on a Telegram channel over the weekend.
Evidence of the Attack
On Saturday night, the group leaked apparent screenshots. These were from BAZAN’s SCADA systems. SCADA systems monitor and run industrial controls. The leaks showed diagrams of various systems. They included a “Flare Gas Recovery Unit” and “Amine Regeneration.” A petrochemical “Splitter Section” was also part of the leaks. BleepingComputer saw the PLC code.
BAZAN dismissed these materials. A spokesperson called them “entirely fabricated.” But the hacktivist group hinted at an exploit. They said it was in the petrochemical giant’s Check Point firewall.
The IP address in question does indeed belong to Oil Refineries Ltd. This was confirmed via public records. The IP address now returns a “Forbidden” error message.
A Check Point spokesperson refuted the claims. The refinery’s findings were backed up in an email. The Check Point representative clarified further. They said no past vulnerability would enable such an attack.
Past Actions by Cyber Avengers
Cyber Avengers is no stranger to claims of attacks. They take credit for the 2021 Haifa Bay petrochemical plant fires. They say it was a pipeline malfunction. In 2020, they claimed to have attacked 28 Israeli railway stations. They said they targeted more than 150 industrial servers.
The veracity of these previous claims is not confirmed. BleepingComputer could not verify them independently.
Conclusion
The random and opportunistic nature of these backdoors is a concern. It means any system with a USB port could be at risk. The situation with BAZAN’s website is a stark reminder. Cybersecurity must be a top priority for businesses today. Whether the leaked materials were authentic or not, the threat is real. The DDoS attack on Israel’s largest oil refinery operator is a case in point.
