The official news webpage of openSUSE has been hacked by a Kurdish hacker going by the alias of “MuhmadEmad”. The hacker defaced the Linux-based company’s website by editing one of the posts on its news forum and replacing the thread post with the following message:
HaCkeD By MuhmadEmad
Long Live to peshmarga
KurDish HaCk3rS WaS Here
F*CK ISIS !
Along with that message, a Kurdish flag was also uploaded to the defaced page. The defacement curses the terrorist organisation, the Islamic State. The attacker seems to be spreading his or her political views across the internet by defacing high-profile websites, most likely to raise awareness of the threat that ISIS poses to the world.
This attack comes shortly after Kurdish forces recaptured 2 cities from the grasp of ISIS in the Al Raqqah countryside, only 2 days ago.
The team at openSUSE was quick to notice the defacement and removed the attacker’s message as soon as possible. The website has currently been recovered, with no other visible breaches or backdoors. However, a cached version of the defacement has been mirrored onto the Zone-H Defacement Cache Archives.
The vulnerability the attacker exploited to inject content into the website may not have been the openSUSE team’s fault. The website uses WordPress. Recently, a major exploit was released for the REST API of the WordPress Content-Management-System (CMS). Most likely the openSUSE sysadmins had not been aware of the vulnerabilities in the WordPress versions they had installed (version 4.7.0 or 4.7.1) or of the patch released for them. So it is safe to assume the fault does not lie with the administrative staff working at openSUSE. However, this should be a lesson to always keep an eye out for patches for whatever CMS you use on your websites.
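One way to act on that lesson, as an added example that is not code from the article or from openSUSE: a small audit that walks a web root, reads each WordPress install's version, and flags the two versions named above. It assumes the standard WordPress layout, where the version is set as `$wp_version` in `wp-includes/version.php`; the site names and sample files in `demo()` are constructed.

```python
import os
import re
import tempfile

# Versions the article names as affected by the WordPress REST API flaw.
AFFECTED = {(4, 7, 0), (4, 7, 1)}
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_wp_version(php_source):
    """Return the $wp_version string from wp-includes/version.php, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None

def normalize(version):
    """'4.7' -> (4, 7, 0); '4.7.1-RC1' -> (4, 7, 1). WordPress omits a trailing .0."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(webroot):
    """Find WordPress installs under webroot; return (install_dir, version, affected)."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in files:
            path = os.path.join(dirpath, "version.php")
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_wp_version(fh.read())
            affected = version is not None and normalize(version) in AFFECTED
            findings.append((os.path.dirname(dirpath), version, affected))
    return sorted(findings)

def demo():
    """Build a constructed web root with three sample installs and audit it."""
    samples = {"news": "4.7.1", "blog": "4.7", "shop": "4.7.2"}  # constructed data
    with tempfile.TemporaryDirectory() as root:
        for site, ver in samples.items():
            inc = os.path.join(root, site, "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
                fh.write("<?php\n// constructed sample\n$wp_version = '%s';\n" % ver)
        return [(os.path.basename(d), v, a) for d, v, a in audit(root)]

if __name__ == "__main__":
    for site, version, affected in demo():
        print(site, version, "AFFECTED (4.7.0/4.7.1)" if affected else "not in the named range")
```

Note that a 4.7.0 install reports itself as plain `4.7`, which a naive string comparison against "4.7.0" would miss.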