Hackers claiming to be “Team Bad Dream” have gained access to the official website of the Ministry of Foreign Affairs of Lebanon and to Lebanese embassy websites. The hacker uploaded a defacement page named “default.html” to 20 embassy websites of Lebanon and to the website of the Ministry of Foreign Affairs of Lebanon.
The motive behind the hack and defacement is unclear, although the hacker left an Arabic message, “عاصفة الحزم قأدمة إلى لبنان ”, on the deface page. Google Translate rendered the message as “The Storm of the Bees to Lebanon”.
The method the hacker used to gain access to these important websites is still unknown, and we do not yet know whether the hacker stole any sensitive data from those government websites.
On investigation, the hacked websites appear to be hosted on a Windows 2012 server located in the United States and run by a company named “WeHostWebSites”. All of the hacked websites were hosted on the same server. This could mean that the hacker somehow gained access to one vulnerable website on the server and was then able to reach the other websites from the backend because of poor security on the part of the server management team.
The hackers had also saved a cached mirror on the cybercrime archive as a record of the defacement. At the time of publishing this news, all of the websites were hacked and defaced. As the defacement was fresh, the cached mirrors were still pending approval. Therefore, if the websites aren’t listed on the link above, they may be listed here.
The embassy websites which have been hacked are Embassy of Lebanon in Madrid – Spain (Spain), Embassy of Lebanon to the Republic of Gabon – Libreville, Consulate General of Lebanon in New York, Embassy of Lebanon to the Bolivarian Republic of Venezuela, Embassy of Lebanon to the Republic of Sudan – Khartoum, Embassy of Lebanon in Hungary – Budapest, Embassy of Lebanon to the Arab Republic of Egypt – Cairo, Embassy of Lebanon to the Kingdom of Morocco – Rabat, Embassy of Lebanon in Republic of Armenia – Yerevan, Embassy of Lebanon in Islamic Republic of Pakistan – Islamabad, Embassy of Lebanon in Federal Republic of Nigeria – Abuja, Embassy of Lebanon in Switzerland, Embassy of Lebanon in Malaysia – Kuala Lumpur, Embassy of Lebanon to the Sultanate of Oman – Muscat, Embassy of Lebanon in the United Kingdom, Embassy of Lebanon in Republic of Indonesia – Jakarta, Embassy of Lebanon in the Federal Republic of Germany – Berlin, Consulate General of Lebanon in Rio de Janeiro, Embassy of Lebanon in Kingdom of Sweden – Stockholm, and Embassy of Lebanon to the Hellenic Republic – Athens.
This isn’t the first time that the website of the Ministry of Foreign Affairs of Lebanon has been hacked. According to Zone-H records, the website had been hacked twice before. On 21/03/2017, a hacker named “Mr.Domoz” from the hacktivist group “AnonGhost Team” uploaded a defacement page with the file name “domoz.htm”. Back in 2015, a hacker from Jordan named “MoThAnnA-X” managed to upload a defacement page with the file name “x.htm”. That, too, was while the website was hosted on the same Windows 2012 OS server and web host.