"Cyberattackers Make Waves in Hotel Swimming Pool Controls"

After the hacktivist group GhostSec claimed to have breached an Israeli hotel pool controller, a team of researchers at Otorio decided to investigate further. The cyberattack group did not provide details about the Operational Technology (OT) breach, but the researchers discovered two Aegis II controllers with default passwords exposed to the Internet. The Aegis II controller is used to regulate the chemical concentration in water in places like pools. GhostSec recently claimed that it had breached 55 Berghof Programmable Logic Controllers (PLCs) across Israel. On September 10, the group said it was able to gain control over an unnamed hotel's pool water system. In a message posted by the group, GhostSec stated that while it has control over the pool's pH and chlorine levels, it is not interested in using this access to harm innocent people. The threat actors said they wanted to show how much damage they could cause. The Otorio researchers emphasized that the incident brings further attention to the potential real-world consequences of OT cyberattacks. This article continues to discuss the GhostSec hacktivist group claiming to have taken control over a hotel's pool water system. 

Dark Reading reports "Cyberattackers Make Waves in Hotel Swimming Pool Controls"