Ghost Squad Hackers (GSH) has defaced a site of the European Space Agency (ESA) for the second time. The attacks were carried out by a group of hacktivists operating online under the name GSH.
Author Saif Ahmed Bhuiyan | NITS DiGi, July 20, 2020
Ghost Squad Hackers announced the defacement of a site of the European Space Agency (ESA) for the second time last week.
GSH has contacted ESA to report a second hack of a website of the European Space Agency. ESA has suffered two hacks a few days apart. This is the website that was compromised.
Ghost Squad Hackers have said that they defaced this website. They were able to do so because, for the second time within the same week, they found a server-side request forgery (SSRF) remote code execution vulnerability in the server of the European Space Agency (ESA).
Server-side request forgery (SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
In typical SSRF examples, the attacker might cause the server to make a connection:
- back to itself,
- to other web-based services within the organization’s infrastructure, or
- to external third-party systems.
According to experts “A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution”.
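The three destinations listed above map directly onto the checks a server should apply before it fetches a user-supplied URL. The following is an added defensive example, not code from ESA or from the original article: the allowlisted host name `api.partner.example` and the function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allowlist: the only external hosts this application should call.
ALLOWED_HOSTS = {"api.partner.example"}

def system_resolver(host, port):
    """Return the set of IP address strings that host resolves to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def is_internal(ip_text):
    """True if the address is loopback, private, link-local or otherwise non-public."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # unparseable address: fail closed
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.5) by the embedded IPv4 address.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_multicast or not ip.is_global

def check_outbound_url(url, resolver=system_resolver):
    """Decide whether the server may fetch a user-supplied URL: (allowed, reason)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a host name, handled below
    else:
        # IP literals are never allowlisted; report the internal ones distinctly.
        return False, "internal address" if is_internal(host) else "host not on allowlist"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    try:
        addresses = resolver(host, port)
    except OSError:
        return False, "host does not resolve"
    # An allowlisted name can still point inward (stale or hijacked DNS record),
    # so every resolved address must be public.
    if not addresses or any(is_internal(a) for a in addresses):
        return False, "internal address"
    return True, "ok"
```

The check only holds if the subsequent request connects to the address that was validated and does not follow redirects without re-running the check on each new URL.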
GSH also said that they found the same private vulnerability in the agency's servers, leading to RCE (a remote code execution vulnerability is one that hackers intentionally exploit to run malware). After gaining access to the defenders’ servers, they decided to deface yet another domain for laughs. Even after the defenders removed their CMS and added a maintenance index, the attackers were still able to get access, so the defenders’ attempt to patch the vulnerability was a failure. According to the attackers, “We didn’t contact them this time either, instead decided to deface another domain.”
“These space agencies are not safe and we will continue to prove that!”
ESA experts have yet to fix the problem; they only removed the installation of the CMS, said the attackers.
According to the hackers, the problem is not within the CMS or web application, but affects a service running on the server.
Ghost Squad Hackers claims to have hacked many organizations and government bodies over the years, including:
- the US military,
- the European Union,
- Washington DC,
- the Israeli Defense Forces,
- the Indian Government, and
- some central banks.