GhostShell hackers return: Breached over 300 websites within 24 hours

A group of hackers identified as Team GhostShell is exposing the snippets of private information allegedly hacked from the databases of a number of hacked websites in the last 24 hours.

A sting of high-profile hacking attacks were linked with Team GhostShell in the past. The group went silent but now reverted with mass database pillaging and hacks. Team GhostShell claims to have attacked a huge list of sites in last 24 hours.

The group posted the links to various Japanese and Korean websites, university websites, educational portals and traveling platforms, which Team GhostShell claims to hacked, at their Twitter account.

An engineer from Symantec said in a threat advisory on the hacks, in case the GhostShell group’s claims are correct, then the number of attacked websites will surely range in the thousands.

As per advisory, “Reports say that the data dumps reveal compromised account details numbering in the thousands at the lower estimate; however, this number is probably much higher.”

It is not clear if the GhostShell’s claims are really correct. But, group’s previous activities lend credibility to their claim. GhostShell was completely active in year 2012, and hacked a number of high profile websites.

We hope you remember the GhostShell claimed the responsibility for a series of hacks on the earth’s leading 100 universities. The hacks enabled GhostShell to publish 120000 students’ data on the internet and were intended to protest in contradiction of tuition fees and the unproven “decreasing standards of education.”

After that GhostShell hacked 1.6 million records and accounts from various American government departments containing NASA, ESA, Federal Reserve, FBI and the Pentagon in December 2014.

It pretty much clicks the mind that everyone might want to hack Facebook, for random reasons. This is still unclear why the group re-emerged to hack a seemingly random set of sites.

But, the Symantec experts said the random target base indicates the group hacks were planned as an open display to jog the memory of cyber security society that they are active until now.

The researchers said, “From first appearances, the recently released list of hacked websites seems to be random and there is no indication that any particular country or sector is being targeted. The group is more than likely hacking websites that are vulnerable. In keeping with its previous modus operandi, it is likely that the group compromised the databases by way of SQL injection attacks and poorly configured PHP scripts; however, this has not been confirmed.”

The group however required as many stare as it could get and call out a security firm FireEye in its tweets.

FireEye is a cybersecurity firm that has aided to investigate and uncover various high profile hacks, containing the well-known 2014 Sony hack.

SecurityGladiators has reached out to the companies and universities being targeted and will keep you updated here on this post if we receive any response.

Ali Raza Ali is a freelance journalist, having 5 years of experience in web journalism and marketing. He contributes to various online publications. With a Master degree, now he combines his passions for writing about internet security and technology for SecurityGladiators. When he is not working, he loves traveling and playing games.
Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.