
A Hacker Collective Based in Pakistan, Being Backed by China to Gather Intelligence Against India

 

In a coordinated attempt to steal strategic and critical infrastructure data, Transparent Tribe, a Pakistan-backed hacker group, launched a campaign that relies on phishing emails.

The campaign, dubbed 'Operation Sidecopy', uses remote access malware that can escalate its privileges on compromised systems and thus easily steal data once it has infiltrated a computer.

Cyber security researchers at Seqrite, the cyber security solutions arm of Quick Heal, believe that the main tools used in Operation Sidecopy show an association with Transparent Tribe, which Seqrite believes is being backed by China to gather intelligence against India.

One of the main characteristics that Seqrite believes can be associated with Pakistan's Transparent Tribe is the remote server hosting that the collective uses.

According to researchers Kalpesh Mantri, Pawan Chaudhari and Goutam Tripathy at Seqrite, Operation Sidecopy uses Contabo GmbH to host the remote server through which the malware is instructed and the inflow of information is controlled, which Transparent Tribe is reported to have done before.

Himanshu Dubey, director of Quick Heal Security Labs, affirmed that the Operation Sidecopy cyber attacks are highly targeted towards India and have been continuously observed since 2019.

“Till now, this attack has been only seen targeting India. The Tactics, Techniques and Procedures (TTPs), as well as Decoy documents that we analysed, were crafted specifically in Indian context,” he says.

Explaining the Pakistan and China connection in the observed series of cyber attacks, Quick Heal's Dubey says, “We have considered several factors such as infrastructure used for command servers, registered domain naming patterns and recently created domains, command and control server names are similar to the names used by APT36 in past, and APT36’s history of attacks targeting Indian defence organisations. Also, one domain that hosted HTML stager applications is registered to a user in Rawalpindi, Pakistan.”

Dubey says that all of Seqrite's findings under Operation Sidecopy have been shared with Indian government authorities to help them take appropriate protective measures and prevent the loss of important data.

BJP Junagadh website hacked by Pakistani hackers

Local news organizations report that the BJP Junagadh unit's website (bjpjunagadh.org) was hacked and defaced by unknown hackers.

The hackers who defaced the website posted comments against BJP and RSS. The defacement also contains several images of people burning and standing on the Indian tricolor.

We checked some defacement-mirror websites; the hack appears to have taken place in February. It is unclear whether the local reports refer to that incident or whether the website was defaced again today.

According to the defacement-mirror record (hxxp://dark-h.org/deface/id/12604), this website was defaced by a Pakistani hacker going by the handle "Sniper haxXx", who is responsible for hacks of many Indian websites.

"As soon as I reached office, our IT cell employees told me that someone has hacked our website http://www.bjpjunagadh.org and uploaded photographs and comments to malign reputation of BJP, RSS and Narendra Modi," Indian Express quoted Raju Jivani, in-charge of the BJP Junagadh office, as saying.

A complaint has reportedly been lodged against the unknown hacker, and police are trying to find the person responsible for the breach.

Meanwhile, Gujarat Pradesh Congress Committee's President Arjun Modhwadia told reporters, "This is purely an attempt to get votes by playing the communal card ahead of the election."

Pakistani hacker group 'Team MaXiMiZerS' hacks India's Kerala state Government websites

Hundreds of Indian websites, including two Kerala state Government websites, have been breached by a Pakistani hacker group identifying itself as "Team MaXiMiZerS".

The affected websites are Cooperative Institute of Management and Technology (cimat.kerala.gov.in), Kerala Cultural Welfare Development (cwb.kerala.gov.in) and Kerala's Kannur University (kannuruniversity.ac.in).

The other affected sites are listed here: http://pastebin.com/p0zPbQDC

The defaced websites displayed the message  "What we Ask From India All the time is the only Kashmir , Most of the times we dnt act like that but this is the only way left . Why indian army is killing innocent's in kashmir ?  We Just Ask you these simple Question's and the indian gov got no answer's..... why ?"

"This is the only way left to protest for us. For what you are scared of ? India will loose the beauty of kashmir ? how many muslim brother's being killed on daily basis did u ever thought ? a 16 year's girl raped and killed a boy shot in the head for what ? because they are protesters ?All we ask is just the Answer of these Questions Nothing Personal ...you will pay for these sins one day"

Indian Public Health Engineering Department website hacked by Pakistan Hackers


The website of the West Bengal branch of the Indian Public Health Engineering Department (www.wbphed.gov.in) has been breached by a hacker from Pakistan.

A hacker with the handle H4$N4!N H4XOR from Pakistan Haxors CREW has uploaded a defacement page to the "Uploads" directory of the site (http://www.wbphed.gov.in/applications/GO/uploads/index.html).

When we asked about the vulnerability responsible for the breach, the hacker said that the website is vulnerable to SQL injection.

"Security Breach!Free Kashmir. Free Syria. Stop Spying On US. Stop Killing Muslims. We Have All Your Data. Don't Try To Catch Us," the defacement message reads.

The hacker said the defacement is revenge for the hacking of Pakistani websites. He also claimed to have compromised the database from the server.

In the last two days, the group hacked into the Indian Railways website and the official website of Assam Rifles.

Official website of Assam Rifles hacked by Pakistan Haxors CREW


Just a few minutes ago, the Pakistani hacker group known as "Pakistan Haxors CREW" hacked into the official website of Assam Rifles.

The main home page is not affected by this attack. The hacker has just uploaded an HTML file, 'phc.html', to the main website (http://assamrifles.gov.in/phc.html).

The hacker didn't provide much information on the defaced page except a short message saying "Security Breach! Admin Secure It Thankssss".

On their official Facebook page, the hacker group said "We Have What We Want". We are not sure what they mean by that: whether they have obtained any sensitive information or are just referring to the defacement. The mirror of the defacement is here: add-attack.com/mirror/466057/

According to the add-attack mirror record (www.add-attack.com/mirror/466052/), another group called "United Bangladesh Hackers" also defaced the website, just a few hours before the Pakistani hackers.

The same Pakistani hacker group recently breached the Indian Railways website and uploaded their defacement.

Indian Railways website hacked by Pakistan Haxors Crew


The official website of the Indian Railways has once again been hacked by a Pakistani hacker group. This time, it was done by two hackers named "H4$N4!N H4XOR" and "HUNTER KHAN" from the "Pakistan Haxors CREW (PHC)".

The home page of the site is not affected. However, the hackers managed to upload an "index.html" to a subdirectory ("http://er.indianrailways.gov.in/cris/edrm_site/notice/index.html").

Not the first time:

Last August, Pakistan Cyber Army hacked into Indian Railways and uploaded their defacement page in the same "edrm_site" directory with a short message "Hello Guys. Aooooo Indian Railway Pawned LOL. Go to Hell This hack in reply to Pak Army Website".

In 2012, another hacker with the handle "AiNAB", a member of a Pakistani hacker group called Pakistan cyber pyrates, defaced multiple sub-domains of Indian Railways. (Refer: http://www.zone-h.org/archive/notifier=AiNAB/page=2)

At the time of writing, the website still shows the defacement message. It is still unknown whether the previous vulnerability was never fixed or the hackers discovered a new one.

It is worth noting that "H4$N4!N H4XOR" has hacked several Indian websites, including those of the popular Tamil Nadu TV channels Jaya TV and Sun TV.

Sun TV website hacked by Pakistan Hacker


A Pakistani hacker known by the online handle "Hasnain Haxor", who has recently been in the news for his hacking attacks targeting TV networks, has once again breached another top Tamil Nadu TV channel network.

Sun Network is the latest victim. The following Sun Network websites have been defaced in the recent attack: the official Sun Network site (sunnetwork.in), the FM websites (redfm.in, suryanfm.in), sun.in and sunpictures.in.

We are aware of the recent incident in which an Indian hacker was arrested for the Jaya TV website hack.

However, the hacker behind the Jaya TV website hack is from Pakistan; he has been defacing other TV channel networks and left a defacement message saying:

"We Are PHC ( PAKISTAN HAXORS CREW ) We Just Want Justice & Peace
I Hack AIADMAK website & jaya Tv So Kick Out That Innocent Kid From The Jail"

The same hacker recently hacked into the Puthiya Thalamurai website and left the same defacement message.

In case you are not able to see the defacement, you can check the defacement mirrors here:

1. http://zone-hc.com/archive/mirror/b3f36ce_sunnetwork.in_mirror_.html
2. http://zone-h.com/mirror/id/21209662
3. http://zone-h.com/mirror/id/21209519
4. http://zone-h.com/mirror/id/21209514
5. http://zone-h.com/mirror/id/21209511

All other hacking attempts by the hacker have been mirrored here: http://zone-h.com/archive/notifier=hasnain%20haxor

Jaya TV website hacked and defaced by Pakistani Hackers


Hackers from Pakistan Haxors Crew have hacked into the official website of the Jaya TV network. The main domain and subdomains have been defaced.

Jaya TV is one of the major Tamil language satellite television channels based in Chennai, India.

The following domains are affected: jayatv.tv, artist.jayatv.tv and cinema.jayatv.tv. The group also hacked into aiadmkallindia.org.

The group also defaced the Canara Bank Employees' Union website (cbeu.in). They also leaked a database compromised from the server.

At the time of writing, all of the affected websites are still showing the defacement page. "jayanews.in" shows an "under maintenance" error page.

*Update:
When contacted by the press, Jaya TV network denied that it is their official website.

*Update 2:
But some analysis shows that it is indeed an official site. The archived version of the site shows TV schedules and also the official contact numbers, and the domain has been in use for a long time.

Proof: http://web.archive.org/web/20130920040126/http://www.jayatv.tv

Proof 2: http://who.is/whois/jayatv.tv

Google Malaysia website hacked by TeaM MADLEETS via DNS hijacking




Pakistani hackers from a group called "TeaM MADLEETS" have defaced the home page of Google Malaysia with a message saying "Google Malaysia STAMPED by PAKISTANI LEETS".

It appears the hackers defaced the domain (google.com.my) using a DNS hijacking attack: hacking into the domain provider and modifying the DNS records.

The hackers managed to change the name server details of the website: the primary name server to "b0x4.madleets.com" and the secondary name server to "b0x3.madleets.com".

"We feel we need to alert anyone, that we don't hack any country tlds for example google.com.my as a result of any kind of hate, We don't hate anyone, We love all humanity, there is no obvious reason for stamping the tlds. Least the reason is not any kind of hate. Whatever the reason is we can't explain except we love all of you," the hackers posted on their Facebook page.


Indian websites suffer cyber attack


Earlier today, a Pakistani hacker with the online handle "Dr@cul@" hacked into several Indian websites, including one Indian Government website, and defaced them.

The hacked government website is "envisddd.gov.in". I'm not able to find out what exactly this website is used for. The Google cache displays an "account suspended" page.

Another Pakistani hacker with the handle "Hasnain Haxor" claimed to have hacked more than 500 Indian websites and defaced them. "Indian's Be ready cyber war begin," the hacker said in a warning message.

A few of the hacked websites:
ns1.pointersoft.co.in
abhinavsteel.com
adcharitable.org
adppowers.com
agarwalpackersmovers.net
aggarwalrelocation.co.in
aggarwalironco.com
The full list of hacked websites can be found here: http://pastebin.com/1fxDWUsb

At the time of writing, the Government domain "envisddd.gov.in" has been taken offline, and a few other websites display an "under construction" message.

Educational and other websites of India got hacked by Pakistan Hackers


The Pakistani hacker known as H4$N4!N H4XOR from P4K!$T4N H4XOR$ CR3W has breached a few Indian educational and other websites.

The hacker defaced the affected sites with the group's logo. The main pages are not defaced; the hacker defaced the 'contact us' and 'about us' pages.

Some affected educational websites from Tamil Nadu are Meenakshi Ammal Teacher Training Institute (matti.edu.in/about_us.php), Arulmigu Meenakshi Ammal Public School (amaps.in/contact_us.php) and Meenakshi Ammal Matriculation Higher Secondary School (mamhss.edu.in/about-us.php).

The hacker also hacked a few other sites: andboxes.shsdemo.in, bhardwajindustries.in, joboncall.in and techskills.net.in.

At the time of publishing, I am still able to see the defacement page.  It seems like the admin is not aware of this security breach.

20 Indian websites defaced by Pakistani hacker


Twenty Indian websites have been hacked and defaced by a Pakistani hacker named "H4$N4!N H4XOR" from the Pakistani hacker group called "P4K!$T4N H4XOR$ CR3W".

The hacker claimed that he hacked these sites because Pakistan won the match. The list of hacked sites:

  • ncollections.in
  • dgworld.in
  • www.mykids.net.in
  • bengalsiksha.org
  • metronewstoday.com
  • smitaviation.com
  • smart-educations.org    
  • lionsclubofwashim.co.in/members/view.php    
  • www.xrfactor.com    
  • wealthexpert.in
  • www.starpix.ir
  • ynyindia.com
  • www.mobilewebs1.com
  • www.scout4players.com    
  • www.paydaysloansforbadcredit.co.uk
  • defenceelectronics.co.in
  • www.crafteducationalacademy.com
  • www.globalindiainfotech.com
  • pujasarkarart.com

At the time of writing, all of the hacked sites still display the defacement page. The mirrors of the defacements are hosted on hack-db:

www.hack-db.com/search.html?q=hasnain+haxor

400+ Chinese Government sub domains defaced by code cracker


A hacker with the online handle "code cracker", from the hacker group "Pakistan cyber army", has defaced more than 400 sub domains belonging to the Chinese Government.

It seems the hackers managed to breach the main website of the Xuchang City People's Procuratorate. All of the defaced sites are sub domains of xchjcy.gov.cn. A few other defaced sites have also been listed there.

All of the hacked websites have been injected with an HTML file called "Crack.html" that displays the defacement message. The main pages are not affected.

The full list can be found here:
http://pastebin.com/HMm1cdXT

Pakistan Hacker Explains How Pakistan google and other sites got hacked


Recently, the news about the Pakistani Google hack spread like wildfire on the Internet. At the time, top-level Pakistani domains of sites including Yahoo, MSN, HSBC, eBay, PayPal and more displayed the defacement page.

Today, khanisgr8, a hacker from the Pakistani hacker collective called "TeamBlackHats", sent an email regarding the security breach. He explains how those websites got hacked by the Turkish hacker group "EBoz".

The day before yesterday, we mentioned that the hacked sites' DNS records pointed to a different free hosting site. We also reported that the sites might have been hacked through a PKNIC vulnerability.

PKNIC is responsible for the administration of the .PK domain name space, including the operation of the DNS for the Root-Servers for .PK domains, and registration and maintenance of all .PK domain names. PKNIC is operated as a self-supporting organization.

The hackers claim to have discovered Boolean-based blind SQL injection, persistent cross-site scripting and sensitive directory disclosure vulnerabilities in the official website of PKNIC.

They provided us with the vulnerable link and a PoC. They also sent some data compromised using the vulnerability, which contains database details, usernames and hashed passwords.


He also provided a screenshot of the cross-site scripting vulnerability. When I tried to verify the XSS vulnerability, I searched Google for the URL and visited a PKNIC link. After visiting the link, I saw the text "<script>alert("HACKED BY COde InjectOr")</script>". Maybe the Code Injector team attempted to exploit the vulnerability.

"Apparently Google Pakistan has been defaced by a Turkish Hacker group 'Eboz' . It's still quite hard to believe that Google server has been hacked. They really need to put a lot of focus on their defenses because if one website got hacked that means every other websites can be hacked," they said.

We have sent an email to PKNIC regarding the vulnerability and are waiting for their response. We are not sure whether the vulnerability has been fixed, so we are not providing the vulnerable link here.

Israeli BBC, Bing, Intel, Live, MSN, CNN, Skype,Xbox , more sites hacked by Pakistani hackers


Shortly after the Anonymous activists declared cyber war on Israeli websites, a Pakistani hacker group also came forward in support of Gaza and defaced a lot of high-profile Israeli websites.

The hack was carried out by hackers going by the names 1337, H4x0rL1f3, ZombiE_KsA, and Invectus.

"The Notorious Hackers are Back," the defacement message reads. "Your war on Gaza will make you cry blood and let the next few days prove that to you ! ...."

The affected sites include MSN, Bing, Skype, XBOX, Intel, Live, CNN and more.

List of hacked sites, according to Zone-h:
www.skype.co.il
www.cnn.co.il
intelcore.co.il
www.msn.org.il
passport.org.il
www.microsoftstore.co.il
intelatom.co.il
www.opel.co.il
philips.co.il
bing.co.il
bbc.org.il
pantene.co.il
paypass.co.il
amazonunbox.co.il
windowslive.co.il
windows.co.il
www.nbcuni.co.il
citibank.co.il
xbox360.co.il
www.xboxfusion.co.il
cocacola.co.il
coke.co.il
www.xboxignite.co.il
www.intelappup.co.il
www.intel.co.il
live.co.il
solarwinds.co.il
live.org.il
www.msn.co.il

Mirror of the defacement can be found here:
http://www.zone-h.org/archive/notifier=1337

Meanwhile, the Israel Mastercard site (www.mastercard.co.il) is down. This was reported by an Anonymous hacker with the Twitter handle Anonymous_SA.

More than 1000 Indian website Hacked by saadi n hax.r00t


Hackers hax.r00t and saadi hacked into more than a thousand Indian websites and defaced them. Around 1355 Indian sites have been hacked by Pakistani hackers, the CyberWarNews report says.

The report says the security breaches on Indian sites are also a response to a team on the other side of the cyber war. That team, known as Team Nuts, had recently attacked over 100 Pakistani websites.



List of defaced sites:
http://pastebin.com/4NR1CS2n

50+ websites Hacked By Pak Cyber Combat Squad (PCCS)


A Pakistani hacker group, "Pak Cyber Combat Squad (PCCS)", hacked more than 50 sites and defaced them.

A few of the hacked sites:
http://obapaslanmaz.com.tr/
http://noskturkiye.com/
http://narlicpl.k12.tr/
http://bezirgankoyu.com/
http://beykoztrakyalilar.com/
http://bestelhobi.com/
http://bestelmodelarabalar.com/
http://gayegencadam.com/
http://www.beselmobilya.com/

You can check the full list here:
http://pastebin.com/A4WhfJ16

Indian Congress site Hacked & Sonia Gandhi's Profile defaced by Pakistani Hacker

A Pakistani hacker, "KhantastiC haXor" (a member of the Pakistan Cyber Army hacker group), broke into the Indian Congress website and defaced Sonia Gandhi's profile with sexual content. The site has now been recovered by the admin.

The attack coincided with Gandhi's 65th birthday and came just days after the Indian government pledged a crackdown on "unacceptable" Internet content, which included faked naked pictures of the Congress leader.

"I have been informed that the website has been hacked," Congress spokesman Tom Vadakhan said, adding that the site had been swiftly closed down once the intrusion was detected. Vadakhan said that the party's computer department was investigating the incident.



Hacked sites:
http://www.congress.org.in/new/aicc-president-bio.php
http://www.aicc.org.in/new/aicc-president-bio.php

Previously, the Pakistan Cyber Army group hacked into the BSNL website and defaced it about 3 times. They have hacked a lot of Indian sites.

3rd time BSNL website Hacked by Pakistan Hackers

Again... again... and again... the BSNL website has been hacked by Pakistani hackers. A Pakistani hacker named "Shadow008" hacked the BSNL website as a result of the cyber war. I think this is the 3rd or 4th time the BSNL site has been hacked by Pakistani hackers.

In October 2011, the BSNL site was hacked by a Pakistani hacker named "KhantastiC haX0r".

In July 2011, it was hacked by Pakistan Cyber Army.

Hacker's message on the defacement page:
This is a Payback from Pak Cyber Army in return to the defacements of Pakistani websites !
You are playing with fire !. This is NOT a game kids
We are Warning you one last time, dont think that you are secure in this Cyber Space
We will turn your Cyber Space into HELL
And make sure that you have someone to Cry Over
Because we are going to literally throw you in the the deep sea
we will take Revenge ! if Any Pakistani Sites gets Hacked by Indians

Indian Cyber Force Hacked By Pakistani Hackers

A Pakistani hacker group hacked and defaced the official site of the Indian Cyber Force. This is the second time the site has been hacked by Pakistani hackers.

The hackers said they hacked the site to take revenge for the recent hack by Optic Fiber, an Indian Cyber Force member.

Robot Pirates, a Pakistani hacker group, also hacked more than 100 Indian sites for the same reason.

Hacked site:
http://indiancyberforce.in/