Yesterday it was revealed that Armscor, the acquisition agency for South Africa’s Department of Defence, had its websites hacked over the weekend.
While the organisation has been quiet on the matter, it has released a statement saying that it will investigate the extent of the hack.
With a simple SQL injection, the hackers managed to breach Armscor’s Settlement and Invoicing system – and leaked 64MB of that data to the Dark Web.
The leaked data mainly contains the ordering and payment records for different suppliers, which includes companies such as Boeing, Fulcrum and Rolls Royce.
“A team of cyber experts has been convened to conduct a forensic analysis to determine the full extent of this incident. This is to ensure that tighter measures and interventions are in place to prevent similar attempts from recurring,” Armscor said in the statement.
The agency was quick to stress that no sensitive information has been lost through the breach, as the stolen data didn’t contain classified information.
“While an investigation is being undertaken, Armscor can confirm at this stage that information accessed does not contain sensitive and classified content.”
Lulu Mzili, the General Manager for Marketing and Business Development at Armscor said “We are aware of the increase in cyber threats, globally; hence IT infrastructure renewal is one of Armscor’s strategic focus areas.”
Speaking to HackRead, the person responsible said that the website had a good number of bugs and that it “…allows anyone to open a settlement by simply using supplier ID without the password.”
It also stands to reason that the hacker has information on just exactly what was purchased and for what amount.
This isn’t the first time that the hacker involved had a quick look-see at government defence websites. HackRead reports that the Armscor hacker is the same person who hacked two Israeli arms importers and leaked client details for operation OpIsrael.
[Image – CC by 2.0/mc czoper]