An Iranian hacker who uses the online moniker Mormoroth has managed to breach the systems of the Network Information Center of Paraguay (nic.py). The attacker used the access to make it look like Google Paraguay (google.com.py) was defaced.
The hacker hasn’t actually breached any of Google’s systems. Instead, he altered the DNS records for google.com.py to redirect the site’s visitors to his defacement page.
Mormoroth published a number of screenshots to demonstrate that he had gained access to NIC.py’s backend systems. He leaked some user credentials and other information stolen from the site’s databases.
In a blog post on ha.cker.ir, the hacker has explained that he has leveraged a remote code execution (RCE) vulnerability to breach NIC.py.
“By executing simple localroot exploit we are able to gain root access and cp all data on server but that is not necessary, admin have set inappropriate permissions on all directories which made us capable of browsing everywhere and reading any file,” Mormoroth noted.
The hacker says that initially he didn’t want to publish any data stolen from the NIC. However, he decided to leak some information after Paraguayan authorities allegedly said “there wasn’t any hack.”
A cyber security expert told ABC Color that he alerted Paraguay’s National Computing Center of the vulnerability exploited by the Iranian hacker five years ago. However, the organization didn’t respond to his reports and the security hole remained unfixed.