
Ufone Pakistan Official Website Hacked

The official website of Ufone Pakistan was hacked and defaced last night.

Ufone, also known as Pak Telecommunication Mobile Limited (PTML), is one of the largest and oldest telecom operators in Pakistan, providing telecom and internet services across the country.

Ufone is a part of PTCL / Etisalat Group.

Ufone Pakistan Hacked, Defacement Message

On the night of Saturday, 2nd June, 2024, the website of Ufone Pakistan suffered a breach and as a result, its official website was defaced by hackers.

Ufone Pakistan WordPress Admin Logged In

As per our investigation, the hackers managed to log in to the WordPress Admin of the Ufone website.

The hackers' exact motive has not been confirmed yet, but the pattern matches that of script kiddies.

The hackers, namely Team Maximizers, have hacked many websites in the past just for fun.

After 2 hours, the website was restored and the defacement message was removed from the server.

There is no official announcement from Ufone Pakistan yet.

This is a developing story so stay tuned for updates!

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems.

The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities.

“We have revoked all security-related certificates and systems have been remediated or replaced where necessary,” the company said in a statement. “We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one.”

Out of an abundance of caution, AnyDesk has also revoked all passwords to its web portal, my.anydesk[.]com, and it’s urging users to change their passwords if the same passwords have been reused on other online services.

It’s also recommending that users download the latest version of the software, which comes with a new code signing certificate.

AnyDesk did not disclose when and how its production systems were breached. It’s currently not known if any information was stolen following the hack. However, it emphasized there is no evidence that any end-user systems have been affected.

Earlier this week, Günter Born of BornCity disclosed that AnyDesk had been under maintenance since January 29. The issue was addressed on February 1. Previously, on January 24, the company also alerted users of “intermittent timeouts” and “service degradation” with its Customer Portal.

AnyDesk boasts over 170,000 customers, including Amedes, AutoForm Engineering, LG Electronics, Samsung Electronics, Spidercam, and Thales.

The disclosure comes a day after Cloudflare said it was breached by a suspected nation-state attacker using stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.

Massive data breach – 12 TB data having 26 billion records leaked

Data breaches are happening with alarming frequency lately, which means it’s increasingly likely your data is out in the wild somewhere. If there’s one place that user data is likely to exist, it’s in a massive data breach pool that was recently discovered by CyberNews and SecurityDiscovery.com. This data pool looks to be a compilation of many major breaches and includes over 26 billion data breach records. That amounts to over 12TB of data, and it includes more than just passwords.

The exact nature of the records is unknown, but there are a few possibilities. The most likely records to be found in this data breach are usernames and passwords. However, it’s possible that other types of information, like credit card information or addresses are included as well. The good news is, the researchers do not suspect that new data is included in the pool. Rather, it’s a major sourcing of pre-existing data breaches. According to the researchers, this suggests that the owner has a “vested interest in storing large amounts of data.”

What’s included in the data breach’s 26 billion records

The research into this data breach was led by Bob Dyachenko, a cybersecurity expert and the owner of SecurityDiscovery.com. Although the team says that no new data leaks are known to be included, that doesn’t mean end users shouldn’t be concerned. “The dataset is extremely dangerous as threat actors could leverage the aggregated data for a wide range of attacks,” the researchers told CyberNews. “Including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.”

The data breach’s 26 billion records also include information that users probably won’t want getting out. The company or brand with the most leaked records in the data pool was Tencent, a Chinese tech giant, who had 1.5 billion records leaked. Tencent, among other things, operates the Tencent QQ messaging app. Other sites with millions of leaked records include LinkedIn, Deezer, Adobe, and Canva. Some adult sites were also included in the data pool, such as 220 million records from AdultFriendFinder.

Besides companies and brands, some data is also stolen from governments, such as the U.S., Brazil, Germany, Philippines, Turkey, and more. But the real concern is that malicious actors could use the stolen data for more widespread identity theft. For example, if you use the same password for LinkedIn as your banking app, you might be in trouble. A potentially-compromised social media site could spiral into a financial disaster quickly.

How to check if your data is in the breach

There’s no clear cut way to know if your data has been breached with absolute certainty. However, there are a few things you can do. There’s a search bar at the bottom of CyberNews’ article that lets you search through every site that was compromised. If you use a site that has been breached, you should change your password just to be safe. You can also visit haveibeenpwned.com and enter your email to see if it has appeared in a data breach. Otherwise, a good rule of thumb is to use strong passwords, different passwords, and change them if you think they’ve been compromised.

Bykea Pakistan Hacked

Bykea is a Pakistani ride-hailing service and parcel delivery company based in Karachi.

Today, on 13 June, 2023, Bykea users received vulgar notifications on their mobile phones.

Not only mobile phones but all smart gadgets, including smartwatches, received these inappropriate notifications sent by hackers.

As per our sources, the app Bykea itself was not hacked.

Instead, their Firebase account was hacked.

Firebase is a platform by Google that is used globally by different app developers and managers to send notifications and marketing messages to their subscribers.

Bykea has issued an apology and assured that its app is safe and that the compromised communication account has been restored.

This is a developing story so stay tuned for updates.

Cyber Attack On Pakistan’s NTDC Causes Nationwide Power Outage

As per our sources, the National Power Transmission Company of Pakistan (NTDC) was hacked and, as a result, the whole country’s power remained shut down for more than 24 hours on 23rd January, 2023.

National Transmission & Despatch Company, or NTDC, is a power transmission company under the Ministry of Energy that controls all the grid stations and transmission lines across Pakistan.

Photo Taken From Telegram Group

The hackers have shared images of the NTDC management panel in Telegram groups, claiming the hack.

Photo Taken From Telegram Group

Another group shared the login screen of this panel which discloses the domain name of the NTDC website.

As per the analysts, the hackers modified the frequency values in the NTDC panel, which forced the operators to feed wrong data. As a result, grid stations tripped and caused the countrywide power outage.

According to cyber security analysts, the threat actor behind this attack is SideWinder APT.

SideWinder APT is a notorious Indian state-sponsored hacking group known for multiple cyber attacks on Pakistan in the past.

It is estimated that Pakistan has lost about Rupees 100 Billion ($400M) as a result of this outage.

If these claims are legit, this is the largest Cyber Attack on Pakistan in history.

However, Pakistan’s Ministry of Energy has denied the reports of any hacking and labeled them as rumors.

Multiple countries have faced cyber attacks on their power systems in the past, e.g. the 2015 Ukraine power grid hack.

Update (28th January, 2023):
Hackers have shared more data on their Telegram channel, which includes screenshots and a zip file containing source code of the NTDC Tripping Website.

NTDC Source Code Shared On Telegram

The zipped file, named tripping.NTDC.COM.PK.zip, also contains power infrastructure related diagrams, database backups and PHP source code files.

The Ministry of Energy has now stated that it is investigating a possible security breach.

The Tripping Website of NTDC, https://tripping.ntdc.com.pk/, is now down, showing a 403 Forbidden message.

This is a developing story so stay tuned for updates.

Ministry of Finance, Pakistan – Hacked

News is coming in that the Finance Ministry of Pakistan has been hacked. Sensitive documents from the official emails have been leaked online.

The above snap is from the leaked official document containing sensitive data related to the Ministry of Finance on the International Monetary Fund (IMF), Financial Action Task Force (FATF), Foreign, Commonwealth & Development Office (FCDO), Islamic Development Bank (IDB), China Pakistan Economic Corridor (CPEC), among others.

The official website of the ministry is intact and has not been defaced. However, its internal organizational data has been leaked on dark web forums.

A total of 2413 email messages along with attachments were dumped by the hacker, with some emails classified as “Highly Confidential” and “Strictly Confidential”.

UPDATE: As of 1:45AM PKT, we have learned that only a single email account of a Ministry of Finance official was compromised. The name of the official is Dr. Iftikhar Amjad and his designation is Joint Secretary at the Finance Ministry of Pakistan. The initial news referring to the breach of the MoF internal network was just a rumor.

Stay tuned for more updates on this story.

Ministry of External Affairs, India (MEA), Hacked

Reportedly, the email servers of the Indian Ministry of External Affairs were hacked in the latest attack on Indian cyberspace.

The Ministry of External Affairs is the Indian government agency responsible for the conduct of India’s relations with foreign countries.

Emails present on its server are mostly classified correspondence between ambassadors, diplomats, and foreign embassy/consulate staff, among other international and local government officials.

Hackers are selling the email data for the price tag of 6 to 22 Lakhs (7K to 27K US Dollars).

As a sample, the hackers have shared the email credentials of at least 15 senior officials of the Ministry of External Affairs on the dark web.

There is no official confirmation of this data breach from MEA officials.

Cyber Crime and other central departments of the Indian government are currently investigating this case.

This is a developing story and we will share more updates soon.

Facebook, WhatsApp, Instagram Down or Hacked?

Facebook is currently down worldwide.


Facebook, WhatsApp, Instagram and all of their services have been down for the past few hours.

Facebook servers have been down for the past hour.

Apparently, it seems like Iran-based hackers have performed some kind of cyber attack on the Facebook, Inc. network, because of which all of its services have gone down. None of its DNS resolvers are responding at the moment. Stay tuned for updates!

Twitter Hacked

Twitter has reportedly been hacked.

Hacked Twitter Accounts in News

VIP accounts including, but not limited to, Barack Obama, Elon Musk, Kanye West and Apple have been taken over by hackers to spread a Bitcoin-related scam. Tweets from some of those VIPs can be seen below:

Bill Gates Twitter Hacked
Apple Twitter Hacked
Uber Twitter Hacked
Elon Musk Twitter Hacked
Jeff Bezos Twitter Hacked

The Bitcoin wallet being used by the attackers is bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh, and a number of people have fallen prey to this scam by sending millions of dollars in BTC to the hackers. The current status of this wallet can be seen below:

Twitter Hacked Bitcoin Wallet Status

In response to this massive hack, the Team Lead for Twitter’s Application Security has resigned from his post, saying “Today I’m glad I’m no longer the tech lead for Twitter’s Application Security team anymore. Trying to deal with an incident with 300 million people watching is not fun.”

Twitter’s Application Security Teamlead Resigned

It is suspected that the hackers had paid a Twitter employee to provide them with inside access, which led to this massive breach.

Attackers have also posted images of Twitter’s internal tool for managing Twitter profiles:

Twitter Profile Management Tool

We will keep you updated as this is a developing story.

Stay tuned!