Monday, 11 July 2016

On 02:21 by admin   No comments
The operation OpAfrica has found another victim, this time, it’s the Pretoria-based arms procurement agency Armscor or Armaments Corporation of South Africa. The breach which took place just a few hours ago can be labeled as a massive hack as Armscor is the official arms procurement agency of the South African Department of Defence.
The hacktivist behind this hack is the same one who previously hacked two Israeli arms importers and leaked client details in public for operation OpIsrael, however, this time the hacker has chosen the dark net to leak 63 MB data in HTML files that include invoices numbers, order numbers, invoice amount etc of Airbus, Thales group, Rolls Royce, Eads or EADS (European Aeronautic Defence and Space Company), Denel etc.
In an exclusive conversation with Anonymous hacker, HackRead was told that he has access to 19938 supplier IDs, names and their plaintext passwords. The passwords, in this case, allow anyone to login into Settlement System as supplier or manager. The hacker also disclosed that the agency’s site has several bugs including one that allows anyone to open a settlement by simply using supplier ID without the password.

“It was simple SQL injection.”
Upon an in-depth scan, we found customer and trade data including customer IDs, company and trading Address, customer name, order Numbers, invoice numbers, invoice amount, invoice balance, invoice dates, transaction dates and received cheque numbers from 2014 to 2016. 
There are about 104 HTML files, however, we can confirm that no emails or passwords have been leaked but transaction details for high profile defence and aeronautical companies are out for public access.
In the past, the same Anonymous hacktivist hacked UN Climate Change’ Webcast Streaming Service ProviderUN Climate Change website and South African Government Contractor for operation OpMonsanto.

0 comments:

Post a comment