Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA).

A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA), https://business.esa.int/.

I have reached them for a comment and they told me that the attack was not targeted, they defacted the site only for fun.

“We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers’s member s1ege told me. “This attack was done solely for fun”

The group claims to have hacked numerous organizations and government agencies over the years, including US military, European Union, Washington DC, Israeli Defense Forces, the Indian Government, and some central banks.

The team appears to be focused primarily on operations against governmental agencies.

When I asked them for more details about the attack, the hackers explained that they have exploited a Server-side request forgery (SSRF) remote code execution vulnerability in the server, then they gained access to the business.esa.int domain and defaced it.

A Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.

In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.

A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.

The hacktivist remarked that they did not act for political reason, they also highlighted that they had no interest in leaking any data. They intent was to deface the website to show it was vulnerable.

Ghost Squad Hackers did not attempt to report the flaw to ESA.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ESA)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.