The premier investigative agency of United States of America, Federal Bureau of Investigations (FBI) had its website content management system hacked. A hacker with Twitter handle of CyberZeist claimed that he had managed to breach into Plone CMS used by FBI for its website. CyberZeist also leaked around 150 logins, including email addresses and encrypted passwords online.
CyberZeist said he breached the Plone CMS, also being used by the FBI, in late December using a zero-day that was discovered by somebody else. CyberZeist stated that the zero-day can be used against several other organizations including the EU Agency for Network Information and Security along with Intellectual Property Rights Coordination Center.
CyberZeist exploited the flaw on 22nd December. The hacker exploited a zero-day vulnerability in the Plone CMS, an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin, including their names, passwords, and email accounts.
Additionally, the hacker says that the zero-day he used to compromise the CMS website is already being sold on Tor, so he won’t share more details until the exploit is no longer available for purchase.
The attack is “devoted to the Anonymous movement,” and CyberZeist says that he was already contacted by various sources to sell the zero-day, but he declined.
No comments:
Post a Comment