Info Data Leak

E-Government Philippines Breached by DeathNote Hackers: E-LGU System Vulnerability Exposed

kukublanPH

Threat Actor: DeathNote Hackers | DeathNote Hackers
Victim: E-Government Philippines | E-Government Philippines
Price: Not disclosed
Exfiltrated Data Type: Potential sensitive data access

Key Points :

  • The breach occurred on August 10, 2024, through an unrestricted file upload vulnerability.
  • DeathNote Hackers uploaded a defacement page to highlight the security flaw.
  • The vulnerability could allow for web shell uploads, sensitive data access, and server control.
  • The hackers warned of a “ticking time bomb” if the vulnerability is not addressed promptly.
  • The Department of Information and Communications Technology (DICT) has been urged to take immediate action to secure the system.
  • The situation is ongoing, with potential for more severe attacks if the issue remains unresolved.

Manila, Philippines – The E-Government website (https://e.gov.ph) of the Philippines has been compromised by a group known as DeathNote Hackers.

On August 10, 2024, DeathNote Hackers successfully breached the E-Government (EGOV) website of the Philippines. The breach was carried out through an unrestricted file upload vulnerability within the E-LGU system. The hackers uploaded a defacement page to demonstrate the severity of the flaw, which could allow malicious actors to upload web shells, access sensitive data, and potentially control the entire system.

In an email sent to Deep Web Konek, the hackers detailed their findings and provided links to the defacement page, mirrors, and archived copies of the breach. The email outlined the vulnerability and emphasized the urgency for the Department of Information and Communications Technology (DICT) to secure the system. DeathNote Hackers warned that the flaw represents a ticking time bomb and could lead to a full-scale security disaster if not addressed promptly.

Vulnerability Information:

  • Type: Unrestricted File Upload (Authenticated)
  • Affected System: E-LGU (E-Government Philippines)
  • Potential Impact: Web shell upload, data leaks, server control

DeathNote Hackers stated that their intention was to demonstrate the severity of the vulnerability and to urge the DICT to take immediate action. They emphasized that this was not a harmless breach but rather one with significant implications if exploited further.

The DICT is advised to prioritize the security of the E-LGU system and address the unrestricted file upload vulnerability immediately. Failure to do so could result in catastrophic consequences, as the current breach may only be a precursor to more severe attacks in the future.

Note: The situation is ongoing, and further updates will be provided as more information becomes available.

Source: https://kukublanph.data.blog/2024/08/10/e-government-philippines-breached-by-deathnote-hackers-e-lgu-system-vulnerability-exposed/

Tags: IMPACT, VULNERABILITY, BREACH, GOVERNMENT, EMAIL