Brazil Government website hacked, redirected to malicious website

A security researcher at F-Secure has spotted a piece of malicious code injected into the official website of the City of Franca in São Paulo, Brazil (franca.sp.gov.br).

Hackers managed to place malicious JavaScript code in one of the site's JavaScript files, which loads a malicious Flash object. The Flash object redirects visitors to a malicious domain.

The researcher didn't specify what exactly was served from the malicious domain.

The website is using an outdated Joomla version (1.5), so the cybercriminals might have exploited a known vulnerability. According to the researchers, this is not the only Brazilian government website using an outdated CMS.

F-Secure has contacted Brazil's Computer Security and Incident Response Team (CTIR Gov) and informed it about the incident.

Kerala Government websites hacked by Syrian Hacker 'Dr.SHA6H'

A Syrian hacker using the online handle 'Dr.SHA6H', who is known for hacking government websites, has now started targeting Indian Government websites. Today, he hacked into a number of Indian Government sites and left them defaced.

The hacker claims he is a Syrian who does not accept "the Syrian regime's actions of murder, rape and destruction with the support of most of the countries". He wants to save Syria from Hell.

Though it is still unclear why he targeted the Indian government, he left a message related to Syria in the defacement.

"Today, after looking at what faces ( Syria ) note most of the countries in the world do not want help Syria. There are a lot of countries all over the world enter the irrational intervention in the problems of other countries such as the United States intervened in the problem ( Osama bin Laden ) Why .. !?" The defacement message reads.

"Now, America and other countries do not interfere in the problem of Syria Is there an international interest with ( Bashar al-Assad ) .. !? Or economic interest or is a political interest ( We do not understand ) .. We want answer all the countries of the world, there are children dying, women raped and houses destroyed."

The affected Indian sites belong to the Kerala State Government. The hacked websites are INSIGHT (insight.kerala.gov.in), Kerala State Blood Transfusion Council (blood.kerala.gov.in), Thiruvananthapuram Medical College (tmc.kerala.gov.in) and Kerala State Planning Board (spb.kerala.gov.in).

The other affected sites are:
  • Right to Education Kerala (rtekerala.gov.in)
  • Thiruvananthapuram (trivandrum.gov.in)
  • Fisheries Network Information System (fishnetkerala.gov.in)
  • Ombudsman For LSGI Kerala (ombudsmanlsgiker.gov.in)
  • Farm Information Bureau (fibkerala.gov.in)
  • Arogyakeralam National Rural Health Mission Kerala Web Portal (arogyakeralam.gov.in)
  • sevana.gov.in

Pakistan Army website and Facebook fan pages hacked by Indian Hacker


If you are a regular reader of EHN, you know that this is not the first time the Pakistan Army website has come under cyber attack. Once again, Indian hacker "Godzilla" has breached the Pakistan Army website.

Speaking to E Hacking News, the hacker said that he hacked into "pakistanarmy.gov.pk" and left a malicious PDF file disguised as a magazine.


The admin opened the PDF exploit, which resulted in his computer being infected with malware. This allowed the hacker to compromise the Facebook fan pages.

The following Facebook fan pages were deleted by the hacker: Pakistan Army Official Facebook Page (www.facebook.com/OfficialPakArmy), Pakistan Army Officers Club Facebook Page (www.facebook.com/fb.paoc) and Pakistan Army Fan Facebook Page (www.facebook.com/pakarmyfanpage).

He claimed the admin removed the login page of the CMS used by the website but failed to remove the backdoor.

"Now no more deals, if you can fire then we can bombard  You are punished for breaking ceasefire we are coming for you." the hacker stated as the reason for the cyber attack.

The website and Facebook pages had been recovered at the time of writing. It also appears the admin of the Facebook pages has blocked access to the pages from India.

You can find more proof and details about the hack here:
http://pastebin.com/3jkp6k2e

Thailand Prime Minister website hacked and abusive message posted

An unknown hacker breached the website of Prime Minister Yingluck Shinawatra's office (opm.go.th/opminter/mainframe.asp) and posted an abusive message along with an altered photo of her.

“I’m a slutty moron,” reads the offensive comment left by the cybercriminals on the defaced page. “I know that I am the worst Prime Minister ever  in Thailand history!!!”

Although the defacement page says the site was hacked by the hacker group "Unlimited Hack Team", the team denied any involvement in the security breach.

Image credits: manager.co.th

“It might have been done by some teenagers... or maybe it was for political purposes,” the prime minister’s secretary-general, Suranand Vejjajiva, is quoted as saying in the New Straits Times report.

“Hacking a website is easy... but don’t forget that checking who did it is not hard either,” he told reporters.

It appears the security breach comes after she filed a defamation case against a cartoonist for allegedly comparing her to a prostitute on his Facebook page.

Nepal Government websites hacked by Muslim Cyber Sh3ll'z


"Old is Gold", but that does not apply to your CMS. A number of Nepal government websites that use an outdated Joomla version have been breached by a group of hackers.

The security breach was carried out by a group called Muslim Cyber Sh3ll'z. Yesterday, the same group hacked into a number of Bangladeshi and Vietnamese government websites.

The list of affected sites: Nepal Law Commission (lawcommission.gov.np), deonuwakot.gov.np, www.dadokanchanpur.gov.np, Department of National Park and Wildlife Conservation (dnpwc.gov.np), Ramgram Municipality (ramgram.gov.np), nidmc.gov.np.

The websites have been defaced with a simple message "Box owned by shockwave Khan! This time nepal Government Boxed xd. No comments".

Mirrors:
http://zone-h.com/mirror/id/19664452
http://zone-h.com/mirror/id/19664453

Haiti, Vietnam, Turkmenistan Government sites defaced by Islamic Ghost Team


A hacker group named "Islamic Ghost Team" has breached government websites from Haiti, Vietnam and Turkmenistan.

Haiti government websites, including the Interministerial Committee for Planning (CIAT.gouv.ht) and the Ministry of Planning and External Cooperation (mpce.gouv.ht), are affected by this security breach.

The hacked sites include a sub-domain of the Commerce and Industry of Turkmenistan website (cotton.cci.gov.tm) and a sub-domain of Electronic portal Pacific if Vietnam (soyte.binhduong.gov.vn).

The team left their footprints on the affected websites by uploading their defacement page. The hackers didn't give any specific reason for the attack.

From the Zone-h archive, the team seems to target government websites. In the past, the team defaced government websites from Panama, Saudi Arabia, Malaysia, Kenya and Libya.

Cyber Attack shuts down Election Commission of Pakistan website


The Election Commission of Pakistan (ECP) website reportedly suffered cyber attacks; the Pakistan Government has temporarily shut down www.ecp.gov.pk to avoid further attacks.

The attacks allegedly originated from Asia and Russia, according to a statement by Director General IT Khizar Aziz.

“Had our host server was based in Pakistan, then there could have been immense loss,” The Pakistan Today quoted Khizar Aziz as saying.

He said the ECP host server is Canada-based. He also said that they are transferring the ECP to a more secure server to prevent future cyber attacks.

"Aziz said that ECP’s website has been shutdown under a deliberate strategy to avoid further attacks during the transition period." The Pakistan Today report reads.

Turkey Contact Point and Central Finance & Contracts Unit websites database leaked by D35m0nd142


Two Turkish Government websites were found to be affected by critical SQL injection vulnerabilities. The hacker known as D35m0nd142 exploited these vulnerabilities to compromise the databases of those websites.

The two affected sites are 'Central Finance & Contracts Unit (cfcu.gov.tr)' and 'Republic of Turkey Ministry of Economy (tcp.gov.tr)'.

In the dump (pastebin.com/GgjcKggL) belonging to CFCU, the hacker leaked 912 email addresses and encrypted passwords.

"I've hacked over 96000 accounts but I've published just 912 of them and all encrypted." D35m0nd142 wrote where the data was leaked.

In the dump (pastebin.com/ZuzMqCqA) belonging to TCP.gov.tr, the hacker leaked 96 email addresses and encrypted passwords.

Pakistan government site again hacked via SQL Injection vulnerability


Indian hacker Godzilla has once again hacked a very important Pakistani site, www.pakistan.gov.pk.

He took down lots of Pakistani sites just a few days ago: http://www.ehackingnews.com/2013/03/indian-hacker-godzilla-leaked-pakistan.html

He then gave the reason behind the attacks: "Pakistan is a country which is currently supporting terrorist activities through ISI, and if they regret Pakistan army and Ministry of Defense mail server backups are enough to proof how closely the are related to terrorism. Pakistan stop these activities before its too late."

The attack seems to have been carried out via SQL injection.





He finally noted that "No matter how hard you try we will get inside in no time." 

Speaking to EHN, the hacker said "Admins and Governments takes website security lightly thinking that they are hosted outside  gets treated through your inside network. Thats enough to get inside your network"

United States Sentencing Commission (ussc.gov) hacked and defaced by Anonymous


Anonymous hacktivists breached the website belonging to the United States Sentencing Commission (ussc.gov) and defaced the site as part of an operation called "#opLastResort".

" Two weeks ago today, a line was crossed. Two weeks ago , Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win -- a twisted and distorted perversion of justice -- a game where the only winning move was not to play." The defacement message reads.

"With Aaron's death we can wait no longer. The time has come to show the United States Department of Justice and its affiliates the true meaning of infiltration. The time has come to give this system a taste of its own medicine. The time has come for them to feel the helplessness and fear that comes with being forced into a game where the odds are stacked against them."

The full defacement message can be found here:
http://pastebin.com/Fbx3k2pX


A few days back, Anonymous defaced a Massachusetts Institute of Technology (MIT) website to denounce the charges against Aaron Swartz and to urge computer crime law reform and more support for open access initiatives.

11 Government websites hacked and defaced by AnonGhost



A hacker group calling itself AnonGhost has hacked into 11 government websites belonging to different countries.

"To All Governments of the World, We are watching you , we can see what you're doing , we control you , we are everywhere. Remember this, The people you're trying to step on, we are everyone you depend on." the hacker said in the defacement page.

"We are the people who do your laundry and cook your food and serve your dinner. We make your bed. We guard you while you are sleeping. We drive the ambulances. We direct your calls. We are cooks and taxi drivers, we are everyone you come into contact with on a daily basis. We know everything about you. We process your insurance claims and credit card charges. We control every part of your life. Together we stand against the injustice of corrupt Governments."

Most of the hacked websites are from Bangladesh, and a few are from Brazil and Greece.

The list of hacked sites and mirrors can be found here:
http://pastebin.com/3WSLEg9k

36 Mexico Government websites hacked by Teamr00t

Once again, Teamr00t has come out with a mass defacement of government sites. This time, Mexican government sites are being targeted.

"# It is time the Mexican government started to help the people of Mexico. Drugs, corruption and poverty continues to grow, and must be dealt with! #" the hackers said in the press release.

At the time of writing, most of the websites still display the defacement page; a few sites have been recovered and display a "forbidden" or "404 not found" error.

The list of hacked sites with links to mirrors can be found here:

http://pastebin.com/3L0c4rmf


44 Government sites hacked and defaced by Teamr00t


The hacker group "Teamr00t" has become more active in recent days and keeps carrying out mass defacements. Their favorite targets are government websites.

Today, they have defaced more than 40 government websites. Most of the hacked government sites are from Mexico. Sites from Indonesia, Bolivia, Brazil, Peru and Thailand were also defaced by the hackers.

The sites are defaced with their usual message to the government. Most of the websites still display the defacement page.

The full list of hacked sites can be found here:
http://pastebin.com/Z5PvSU7U

So far, they have hacked a large number of government websites belonging to various countries. Yesterday, they hacked more than 20 government websites. You can find the hacks of Teamr00t here: Teamr00t.

RedHack hackers breached Turkish Finance Ministry but officials deny it


The famous hacker collective RedHack claimed to have hacked into the systems of the Turkish Ministry of Finance, as part of a protest against the fact that the salary raises of civil servants had been 'ridiculously small.'

However, Turkey's Finance Ministry has denied the hacking claims from RedHack.

“All systems provided by the ministry through the Internet have been working without any problem,” Hurriyet Daily News quoted the statement from the ministry.

A legal investigation into RedHack was launched after the group staged a cyber attack on the Ankara Police Department’s website in February 2012.

Turkish authorities have named RedHack as a terrorist group. Prosecutors demanded up to 24 years in prison for alleged members of the hacker group for the cyberattacks they’ve launched against government systems over the past years.

In the first hearing, held Nov. 26, an Ankara court freed three arrested suspects in the alleged hacking case, pending trial.

400+ Chinese Government sub domains defaced by code cracker


A hacker with the online handle "code cracker", from the hacker group "Pakistan cyber army", has defaced more than 400 sub-domains belonging to the Chinese Government.

It seems the hackers managed to breach the main website of the Xuchang City People's Procuratorate. All of the defaced sites are sub-domains of xchjcy.gov.cn. A few other defaced sites have also been listed there.

An HTML file called "Crack.html", which displays the defacement message, has been placed on all of the hacked websites. The main pages are not affected.

The full list can be found here:
http://pastebin.com/HMm1cdXT

20+ Government websites hacked by Teamr00t



The well-known hacker collective Teamr00t has managed to breach and deface government websites from several countries. The hacked sites are from Brazil, Paraguay, the Philippines, Thailand, Indonesia, Bolivia and more.

The defacement was part of their ongoing hacking operation against the governments of the world. They have sent a message to the governments.

"To the governments of the world, it is time you listened and acted upon what would benefit and help the people of your countries! It is now time for you to start listening to the voices of your nation and deal with the problems that are occurring every single day. " The defacement message reads.

" Everyone has the right to freedom of speech and your people must be allowed this freedom. Stop, listen and take action that will help benefit your nation!"

"Teamr00t Has Arrived!!! We are the voice for the suppressed people of the world, and we will show you the truth!"

The list of affected sites includes City of Flores de Goiás (floresdegoias.go.gov.br), Gov Brazil (www.cidadedeguapo.go.gov.br), Gov Paraguay (intranet.annp.gov.py), Laoag City site (www.laoagcity.gov.ph), Gov Thailand (cityub.go.th), National Adoption Ministry (mimp.gob.pe), senavex.gob.bo.

The list of hacked sites with mirror can be found here:
http://pastebin.com/KD5Gm6g3
http://pastebin.com/5bUckYZF


Taiwan Government sites infected and used in Wire Transfer spam mails



Be careful while visiting Taiwan Government websites: they may redirect you to a BlackHole Exploit Kit page. We have discovered three infected Taiwan government websites. The infection was initially identified by @Hulk_Crusader.

"h00p://www.tai**i.gov.tw/page-3.htm <- another Taiwan .gov site distributing malware. (Copies of Policies spam)" The tweet posted by the researcher reads. At EHN, I have discovered another infected government website.

The infected sites have the same URL pattern ('page-3.htm') and contain an iframe pointing to the BlackHole Exploit page "podaruno**.ru".
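A defender-side check for the injection pattern described above, as an added example that is not part of the original article: it parses a page's HTML and reports iframes whose source host is neither the site itself nor an allowlisted partner, flagging the ones styled to be invisible. The host names, the allowlist and the sample page are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Inline styles commonly used to keep an injected frame out of sight.
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample page; every host name here is a placeholder.
SAMPLE_PAGE = """<html><body>
<h1>Copies of Policies</h1>
<iframe src="/docs/policy.html" width="600" height="400"></iframe>
<iframe src="https://maps.partner.example/embed" width="600" height="300"></iframe>
<iframe src="http://kit-landing.example/index.php" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""


class IframeAudit(HTMLParser):
    """Collect every <iframe> with its source host and a hidden flag."""

    def __init__(self):
        super().__init__()
        self.frames = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "").strip()
        # hostname is None for relative URLs, which stay on the same site.
        host = (urlparse(src).hostname or "").lower()
        hidden = (bool(HIDDEN_STYLE.search(a.get("style", "")))
                  or a.get("width") in ("0", "1")
                  or a.get("height") in ("0", "1"))
        self.frames.append({"src": src, "host": host, "hidden": hidden})


def suspicious_iframes(html, site_host, allowed_hosts=()):
    """Return iframes loaded from hosts outside the site and its allowlist."""
    audit = IframeAudit()
    audit.feed(html)
    trusted = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
    findings = []
    for frame in audit.frames:
        host = frame["host"]
        if host and not any(host == t or host.endswith("." + t) for t in trusted):
            findings.append(frame)
    return findings


if __name__ == "__main__":
    for f in suspicious_iframes(SAMPLE_PAGE, "www.city.gov.example",
                                allowed_hosts=["partner.example"]):
        print(("HIDDEN " if f["hidden"] else "visible"), f["src"])
```

Run over every page a site serves, the same check also surfaces off-site frames on pages that were added by an intruder rather than modified.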

After a quick Google search, I came to know that the infected websites are being used in a Wire Transfer spam mail.

Good afternoon,

Your Wire Transfer Amount: USD 92,710.37
Transaction Report: View [Link_to_infected_page]
TEMIKA Heller,
The Federal Reserve Wire Network

The list of infected websites: