The Red Alert app, which provides real-time rocket alerts in Israel, has fallen victim to a cyberattack by the pro-Palestinian hacktivist group AnonGhost. Researchers from the cybersecurity firm Group-IB have revealed that AnonGhost exploited an application programming interface (API) vulnerability in the app, allowing them to send fake nuclear attack threats to users.
Exploiting an API Vulnerability
In this exploit, AnonGhost intercepted requests, identified vulnerable servers and APIs, and used Python scripts to send spam messages through the app’s chat feature. AnonGhost shared information about their supposed attack on their official Telegram channel, where a screenshot suggested that they sent messages to users claiming a “nuclear bomb is coming.”
Scope of the Attack
The attackers claimed that “all 10k to 20k users of this application” should have received these fake messages. Attempts to confirm the breach with the app’s developers were unsuccessful, but the app was subsequently removed from the Google Play Store.
Other Rocket Alert Apps Unaffected
After targeting the Red Alert app, AnonGhost turned their attention to other rocket alert applications, including RedAlert by Elad Nava and Red Alert by Cumta. However, as of October 11th, 08:30 AM GMT, RedAlert by Elad Nava was reported to be functioning normally. The developers of Red Alert by Cumta also stated that their app was operating without any downtime.
Cyberattacks Amid Ongoing Conflict
The moniker AnonGhost has been associated with cyberattacks for some time, and in the past, researchers believed the group had ties to the Islamic State (ISIS). Recent Hamas attacks in Israel have led to increased cyber warfare. The Ghosts of Palestine group targeted Israeli websites, while the Ganosec Team expressed its intention to disrupt the website of the Israeli Security Agency.
In the wake of the Hamas incursion, access to the Israeli government website gov.il became impossible, with the pro-Russian group Killnet claiming responsibility for the attack on Telegram. Anonymous Sudan, a hacktivist group suspected of having Russian ties, has aligned itself with Hamas and Killnet on Telegram.
Pro-Israeli hacktivist groups have also been active, with the official Hamas website allegedly taken down by a group called India Cyber Force. Other pro-Israeli groups include SilenOne, Garuna Ops, and Team UCC Ops.
Group-IB reported that various threat actor groups have become involved in the Israel-Hamas conflict, reflecting a similar situation to the early months following Russia’s invasion of Ukraine.
The conflict between Israel and Hamas has caused significant casualties on both sides, with attacks and counterattacks intensifying the situation.