The Australian Governmental Agency of New South Wales Country Council has been hacked and defaced by a hacker named NeT.Defacer. The website was defaced with the following message plastered on the websites page within the directory “/hello-world/”.
Motives of the hacker are yet unknown. However, hacks such as this one have recently increased with defacements having just 2 to 3 words displayed within them. It seems it’s become a game to these types of hackers to see who can deface the most.
The hackers that have done such recent defacements seem to be using a hack-bot or script to help them exploit and inject websites, which in this case is the Australian NSW Government website representing a Country Council made for weed control. It’s most likely the bot is made to search out, exploit and deface websites using the recent WordPress REST API Bug.
Before this, other websites such as the MIT website, APT and even openSUSE. The website has been restored by web administrators as of the writing of this article, however a cached version of the defacement can be found on Zone-H Archives.
UPDATE: The website has just been hacked now by the hacker Trenggalek G3tar.
Trenggalek G3tar seems to have used the same exact exploit to deface the website because the same directory, “/hello-world/”has been affected. The administrators at the NSW County Council website seem to be unaware of the breach and did not patch their website from the previous defacement by NeT.Defacer.
We will keep updating this story as it develops. As of yet, no comments from the web administrators have been posted on the breach.
The hacker was the perpetrator behind the defacement of NeuroSolutions MIT that we reported on a couple of days ago.