Security Breach: From ISIS to ICS - Why You Need to Know About GhostSec

The self-described Hacktivist group has transitioned from terrorists to PLCs, and created a roadmap for industrial hackers to follow.

GhostSec describes itself as a hacktivist group. Formed around 2015, the organization’s initial focus was shutting down ISIS websites and infiltrating their social media platforms. From there, GhostSec expanded its targets to include oppressive government regimes and organizations like Qanon.

So, it could be argued that its targets were meshing with its hacktivist mantra. Recently, the organization has been linked to politically-motivated attacks involving PLCs and other industrial controls in Israel, Iran and Russia. All of which have focused on vulnerabilities found within industrial equipment controls.

The biggest question for the industrial community is if GhostSec can show others how relatively simple it is to take control of PLCs, MODBus connections and industrial control systems – will those learning from GhostSec take it to another level. GhostSec has been comparatively benevolent compared to others – no ransomware demands or malware incursions. 

However, their capabilities raise questions that should be keeping more industrial stakeholders up at night – namely what’s the next type of attack and where is it coming from? 

So, it’s not about GhostSec being directly responsible for an attack on your facility, but what will the light they’re shining on their tactics mean when others do look to probe your system security levels.

Joining us to discuss this situation is Matan Dobrushin, VP of Research at OTORIO. Based in Israel, the company is a leader in industrial cybersecurity solutions and services.

For more information on the work OTORIO does, you can go to

Thanks for joining us today. To catch up on past episodes, you can go to, or You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

More in Facility