On 8 October, the hacktivist group known as Cyber Av3ngers claimed responsibility for a cyberattack on the Dorad power plant in Israel, showcasing PDF files and documents on their Telegram channel as proof. However, the Israeli authorities have not confirmed the cyberattack.

Based on various media reports which pointed out the matching of alleged copies of leaks by the Moses Staff group from last year, it was suggested that the claim by Cyber Av3ngers was false. Delving deeper, Kaspersky researchers uncovered the actual leak made by Moses Staff.

The data, initially leaked by Moses Staff in June 2022, included information from multiple Israeli companies. The data related to the Dorad private power station breach had timestamps dating back to August 2020, while the leak files’ compression timestamps pointed to 14 June 2022. The leak, comprising of PDF documents, png/jpg photos, and a video was published by the attackers alongside the data leak.

By comparing the photos from Cyber Av3ngers with the originals from Moses Staff, Kaspersky experts observed that Cyber Av3ngers reused photos from the Moses Staff leak including PDF documents and videos. Additionally, Cyber Av3ngers altered the photos by cropping them and adding a logo image before publishing.

Kaspersky experts have found no evidence linking Cyber Av3ngers with Moses Staff or Cyber Avengers, despite the similarities in names. The individual behind the Cyber Av3ngers Telegram channel may also be attempting to frame Cyber Avengers as impostors.

“This case underscores the intricate dynamics among hacktivist circles where rivalry and the pursuit of publicity can lead to misleading claims of cyber aggression,” says Igor Kuznetsov, director at Kaspersky’s Global Research & Analysis Team (GReAT). “It’s crucial we delve deeply into such incidents to grasp the essence of the compromised data, its origin, and whether any security loopholes were leveraged. Moreover, this situation accentuates the significance of fortifying cybersecurity protocols to safeguard against both emerging and recurrent threats targeting IT and OT systems.”

A comparison of the images from the Moses Staff leak in June 2022, and the images from the Cyber Av3ngers leak claim on October 8, 2023, can be found here.