Hackers breach NSW GovDC website

By on
Hackers breach NSW GovDC website

Updated: Attackers used well-known Wordpress vulnerability.

Hackers have broken into parts of the New South Wales government's GovDC website, obtaining access to the administrative pages for its content management system.

iTnews has confirmed that a compromise by allegedly Moroccan hackers "Thex@b1" had taken place.

At this stage, the extent of the breach is not known.

"Thex@b1" defaced an admin page, but not the main GovDC site itself. The attackers are known to have defaced government sites around the world.

Overnight, other hackers entered the site and replaced the original defacement with their own versions. As of writing, the GovDC CMS admin page displays a message from hacker "Mr.GTz" who claims to be Indonesian.

The miscreants appear to have taken advantage of a vulnerable version of the Slider Revolution Premium image carousel plugin for the popular Wordpress content managment system.

In July last year security researchers Sucuri discovered that a serious vulnerability in the Slider Revolution Premium - also known as Revslider - was being shared in underground hacker forums.

The vulnerability allows anyone to download the main Wordpress configuration file remotely and obtain the database authentication details to compromise entire sites.

While Revslider vendor Theme Punch patched its product in August last year, admins were slow to update their installations. Sucuri said in December 2014 that over 100,000 Wordpress sites had been compromised and were used to spread malware.

GovDC itself was set up in 2010 by the NSW government, to consolidate 130 data centres into two facilities in Wollongong and Silverwater.

Update: NSW Finance said the website only contained static content and promotional material, and is "not used in any of the operational or management activities of government facilities".

"At no time was government or citizen data compromised," a spokesperson said.

"The Wordpress CMS vulnerability was fixed and the breach has not affected the content.

"A new replacement GovDC public website has been under development for some time and will be hosted by an industry provider in the GovDC marketplace."

This new website will be incrementally released from tomorrow, the spokesperson said. 

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?