Ghost Squad Hackers did it again!
European Space Agency (ESA) site got defaced twice in a week!

Ghost Squad Hackers (GSH) have defaced a site of the European Space Agency (ESA) for the second time. A group of hacktivists is going online with the name of GSH and performing these attacks.

Ghost Squad Hackers announced the defacement of a site of the European Space Agency (ESA) for the second time last week.

ESA has been contacted by GSH to report the second hack of a website of the European Space Agency. ESA has suffered two hacks a few days apart. This is the website that was compromised.

Ghost Squad Hackers have mentioned that they have defaced this website. The reason they could do it was because they found for the second time within the same week a Server-side request forgery (SSRF) remote code execution vulnerability in the server of the European Space Agency (ESA).

A web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to a random domain of the attacker’s choosing is called a Server-side request forgery (also known as SSRF).

A typical example of SSRF is as follows

  • The attacker might cause the server to make a connection back to itself or
  • To other web-based services within the organization’s infrastructure or,
  • To external third-party systems.

According to experts “A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution”.

GSH also mentioned that they found the same private vulnerability in their servers leading to RCE (hackers intentionally exploit a remote code execution vulnerability to run malware). After acquiring access to the defenders’ servers they have decided to deface yet another domain for laughs. Even after removing the defender’s CMS and adding a maintenance index, they were still able to get access, hence defender’s attempt to patch the vulnerability was a failure. According to the attackers, “We didn’t contact them this time either, instead decided to deface another domain.”

“These space agencies are not safe and we will continue to prove that!” 

ESA experts have yet to fix the problem, they only removed the installation of the CMS, said the attackers.

According to the hackers, the problem or issue was not within the CMS or web application, but it affects service execution on the server.

Ghost Squad Hackers claims that they have hacked quite many organizations and government bodies over the years, including

  • US military
  • European Union
  • Washington DC
  • Israeli Defense Forces
  • The Indian Government and
  • Some central banks.

Saif Ahmed Bhuiyan

Free Subscription

The most comprehensive Cybersecurity agenda for leading industry executives

Connect and share niched and unique knowledge

Meet our 15-year experience in addressing international cybersecurity challenges

Register for The Conference
25th of May 2023