It’s OpAfrica – Anonymous Hacks South African’s Arms Acquisition Agency

The Pretoria-based arms procurement agency Armscor or Armaments Corporation of South Africa has been hacked and financial data belonging to agency’s officials, clients and trade details have been leaked by Anonymous hacker. The hacker have used the dark web to leak 63 MB data in HTML files that include invoices numbers, order numbers, invoice amount etc of Siemens, Boeing, BAE Systems, Saab, the European Aeronautic Defence and Space Company (EADS, or Airbus), Rolls Royce, Panasonic, Glock Technologies, Thales Avionics, Microsoft, fellow South African company Denel, and many other invoices.

OpAfrica Plays The Main Part In This Data Leak !

The data dump is part of Anonymous’ OpAfrica campaign which started this January. The hacker also disclosed that the agency’s site has several bugs including one that allows anyone to open a settlement by simply using supplier ID without the password.  Besides the actual data, the hacker also included screenshots of Armscor’s invoice management system’s administration panel.

It was simple SQL injection –  The security flaw used to bypass the site’s security by the hacker.

Customer and trade data including customer IDs, company and trading Address, customer name, order Numbers, invoice numbers, invoice amount, invoice balance, invoice dates, transaction dates and received cheque numbers from 2014 to 2016 where found upon deep scan. It is confirmed that no emails or passwords have been leaked but transaction details for high profile defence and aeronautical companies are out for public access.

 

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Glove Stealer Emerges A New Malware Threat For Browsers

ANY.RUN Discovers Tricky Phishing Attack Using Fake CAPTCHA