Ghost Squad Hackers did it again!
European Space Agency (ESA) site got defaced twice in a week!

A typical example of SSRF is as follows

• The attacker might cause the server to make a connection back to itself or
• To other web-based services within the organization’s infrastructure or,
• To external third-party systems.

According to experts “A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution”.

GSH also mentioned that they found the same private vulnerability in their servers leading to RCE (hackers intentionally exploit a remote code execution vulnerability to run malware). After acquiring access to the defenders’ servers they have decided to deface yet another domain for laughs. Even after removing the defender’s CMS and adding a maintenance index, they were still able to get access, hence defender’s attempt to patch the vulnerability was a failure. According to the attackers, “We didn’t contact them this time either, instead decided to deface another domain.”

“These space agencies are not safe and we will continue to prove that!” 

ESA experts have yet to fix the problem, they only removed the installation of the CMS, said the attackers.

According to the hackers, the problem or issue was not within the CMS or web application, but it affects service execution on the server.

Ghost Squad Hackers claims that they have hacked quite many organizations and government bodies over the years, including

• US military
• European Union
• Washington DC
• Israeli Defense Forces
• The Indian Government and
• Some central banks.