Tunisian Cyber Army , the hacker group that targets Unite States, has claimed to have breached official website of the First National Bank of Mercersburg (www.fnbmbg.com).
The security breach is part of their ongoing operation called "#opBlackSummer". The hacker informed EHN about the breach with a vulnerable link.
The group has discovered a SQL injection vulnerability in the target website, managed to exploit the vulnerability and compromised the user data.
The team said they are able to retrieve only 3500 user data , they have decided to attack again for retrieving full database.
TCA claims that the stolen user data contains clear-text login credentials, birthday, email address, Social Security Number(SSN) and address details.
Al-Qaeda Electronic Army and Tunisian Army recently attacked several U.S. Government websites as part of their operation called "#opBlackSummer" - an operation against America.
Now the hackers took their operation to next level by launching cyber attack against Petroleum and Gas companies. Yesterday, EHN got notification that the Team breached the two U.S. Petroleum websites.
They identified the SQL Injection vulnerability in the websites belong to "Chevron Corporation(chevron.com) -an American multinational energy corporation " and "Oceaneering International, Inc(oceaneering.com)- a subsea engineering and applied technology company based in Houston, Texas, U.S.A.". We have verified the existence of the vulnerability.
The team managed to exploit this vulnerability and extracted sensitive data from the target databases. The hacker said to have compromised important data including email addresses, passwords, and 270 IP address belong to Companies' computers.
The hackers claim they will send these IP address details to their Chinese hackers team to do some malicious work.
TCA said this operation will continue till September. The hackers said they are planning to "give a great surprise for the USA" on 11th Septemebr (9/11), the date on which al-Qaeda hijacked four airliners and carried out suicide attacks against targets in the United States.
Following the Pentagon and State.gov security breach, the Tunisian Cyber Army and Al-Qaeda Electronic Army has attacked two more United States Government websites.
Today, they have targeted the U.S. customs and Border Protection (cbp.gov) and Office of Personnel Management (OPM.gov).
The team managed to extract the information from the target database by exploiting the critical SQL Injection vulnerability in those websites.
TCA team told EHN that they have compromised information such as username, encrypted passwords(they managed to crack), private emails.
In an email sent to E Hacking News, the hacker provided the vulnerable link of both websites. For a security reasons, we are not disclosing the links here.
The hack is part of the their ongoing operation called as "#OpBlackSummer", an operation against U.S. So far, they have hacked large number of websites and compromised data. The hacker said their next target is Gas and Petroleum companies.
Recently, EHN received a news report from Tunisian Cyber Army and Al Qaida Electronic Army in which the hackers claimed to have infected the Pentagon administrator, as part of their on going operation called "#opBlackSummer".
The attack was happened after hackers identified a reflected cross site scripting(XSS) vulnerability in one of the sub domain of Pentagon (g1arng.army.pentagon.mil).
POC:
g1arng.army.pentagon.mil/Programs/Pages/Default.aspx?Category="><script>alert("xss by tca and AQECA on pentagon")</script>
xss vulnerability
The hacker managed to exploit this vulnerability for sending malicious payload to the admin of Pentagon. Hackers claims that they got success in infecting them.
Hackers said they compromised some important file and steal cookies from the pentagon mail. The security breach was done with collaboration with Chinese hackers.
At the time of writing, the vulnerability is not fixed. If the TCA claim is true, then this one will be the best example that demonstrate the severity of simple reflected xss. Yesterday, i have sent notification to Pentagon team about the vulnerability but there is no response from them.
In another mail, the team said the have hacked the state.gov with SQL injection vulnerability.
