The hacktivist group GhostShell on Monday announced its biggest attack yet: #ProjectWhiteFox, which targets the ESA, the FBI, the Federal Reserve, Interpol, NASA, and the Pentagon, as well as many companies that partner with these organizations. The team says it has released 1.6 million accounts and records from fields such as aerospace, nanotechnology, banking, law, education, government, military, the department of defense, airlines, and more.
In a Pastebin file, GhostShell features a list of 37 organizations and companies, including The European Space Agency, NASA’s Engineers: Center for Advanced Engineering, and a Defense Contractor for the Pentagon. GhostShell sets itself apart from other hacktivist groups by targeting more than just one company or organization, and then releasing the results of its attack all at once. This set of hacks is spread out across 456 links, many of which simply contain raw dump files uploaded to GitHub and mirrored on paste sites Slexy.org and PasteSite.com.
The uploaded files contain what appears to be user data that looks to have been obtained from the servers of the various firms (likely via SQL injection). The entries include IP addresses, names, logins, email addresses, passwords, phone numbers, and even home addresses. Email accounts include the big three (Gmail, Hotmail, and Yahoo), as well as many .gov accounts. There are also various documents and material related to partnerships between companies and government bodies, as well as sensitive information for the aforementioned industries.
Furthermore, the group says it has sent an email to the ICS-CERT Security Operations Center, Homeland Security Information Network (HSIN), Lessons Learned and Information Sharing (LLIS), the FBI’s Washington Division and Seattle location, Flashpoint Intel Partners, Raytheon, and NASA. In it, theysay to have detailed “another 150 vulnerable servers from the Pentagon, NASA, DHS, Federal Reserve, Intelligence firms, L-3 CyberSecurity, JAXA, etc.”
GhostShell made a name for itself by breaching 100 top university servers and releasing 120,000 student records in October. In November, the group stepped up its game by declaring war on Russia and allegedly leaking 2.5 million accounts and records. Now we’re in December, and once again it has upped the ante.
The hacktivist group says this is their last project for the year and calls it “an early Christmas present.”
Image credit: Stephen Davies