On May 21, 2020, more than 2,000 Israeli sites were attacked by the hacker group Hackers of Savior. Most of the affected resources, many of them belonged to large companies, were hosted on uPress – Israeli WordPress hosting.
According to official statement representatives of the hosting company, for hacking, attackers took advantage of the vulnerability in an unnamed plugin for WordPress.
On hacked resources, the attackers posted messages of an anti-Israeli nature, and also infected the sites with a malicious script that requested permission to access visitors' webcams.
According to Profero specialists, there were two versions of this script: one was requesting access to people's webcams, and the second was trying to take a picture of the user and upload the picture to a remote server.
Also on all infected sites, hackers posted YouTube video with the message: "The countdown for the destruction of Israel began a long time ago."
UPress reports that it is investigating the incident and has already brought in local law enforcement agencies. Currently, the host’s specialists have temporarily suspended the work of the affected resources and have already got rid of the malicious files used by the hackers. Now work is underway to restore the normal functioning of sites.
Edition Zdnet reports that the Hackers of Savior group, according to preliminary data, has nine members living in Muslim countries, such as Turkey, Palestine, Morocco and Egypt. The attacks of the group were timed to the Israeli national day, Jerusalem Day, dedicated to the reunification of Jerusalem after the Six Day War (1967).
Israel’s National Cyber Directorate has already warned users against any interaction with any hacked sites. The fact is that not all resources went offline – some of them are still available, and are most likely cached by CDN providers.
אנו מעדכנים כי בשעות האחרונות התקבלו דיווחים במערך הסייבר הלאומי אודות אתרי אינטרנט בישראל שהושחתו עם מסרי הנושא מטופל על ידי המערך. אנו ממליצים לגולשים להימנע מלחיצה על קישורים במידה שגולשים לאתר שהושחת.
– Cyber Israel (@Israel_Cyber) May 21, 2020
I must say that the Israeli media vyingly report that the responsibility for this attack lies with the "Iranian hackers", but so far there is no evidence of Iran’s involvement in this incident.