As part of their ongoing operation against United States known as "#opBlackSummer", the Tunisian Cyber Army(TCA) and Al-Qaeda Electronic Army(AQEA) has breached the websites belong to US Telecommunication companies.
The hacker group has identified three SQL Injection vulnerabilities in AT&T sub-domains and one SQLi in Verizon website. The hackers provided the vulnerable links to EHN.
The hackers also attacked the the official website for the U.S. Small Business Administration(sba.gov), Merrimack County Savings Bank(mcsbnh.com), State Bank of Park Rapids(statebankofparkrapids.com).
The team exploited the vulnerabilities and compromised information such as User IDs, security question answers, passwords, addresses and email addresses.
Speaking to EHN, the TCA said they exploited the xss vulnerability in FBI website by requesting the admin to open the crafted fbi site link. The hacker claimed that they got temporary access to their computer and downloaded some files about crimes and report.
At EHN, we can't assure that hackers claims about the data compromise are true but the vulnerability links provided by the hackers are valid one.
The hacker group has identified three SQL Injection vulnerabilities in AT&T sub-domains and one SQLi in Verizon website. The hackers provided the vulnerable links to EHN.
The hackers also attacked the the official website for the U.S. Small Business Administration(sba.gov), Merrimack County Savings Bank(mcsbnh.com), State Bank of Park Rapids(statebankofparkrapids.com).
The team exploited the vulnerabilities and compromised information such as User IDs, security question answers, passwords, addresses and email addresses.
 |
| XSS in FBI website |
Speaking to EHN, the TCA said they exploited the xss vulnerability in FBI website by requesting the admin to open the crafted fbi site link. The hacker claimed that they got temporary access to their computer and downloaded some files about crimes and report.
At EHN, we can't assure that hackers claims about the data compromise are true but the vulnerability links provided by the hackers are valid one.
