Despite announcing his intentions to “go inactive for while” at the start of the month, earlier today, December 5th 2018, a hacker going by the name of “SHIZEN” announced his latest string of hacks on social media. The first attack targeted l‘académie de Grenoble in France, disclosing an SQL vulnerability tied to the sites back end – exposing two site databases. The second hack targeted Baqai Medical University in Sindh, Pakistan, analysis of which suggests that SHIZEN was able to exploit a misconfiguration of the websites php file admin access panel also via SQL injection, allowing for hackers to remotely access databases attached to the site.
While no explanation or motive for the hacks was given, SHIZEN did tag the hack #OpEdu, perhaps indicating that this was the beginning of a much larger operation targeting international educational institutions in the near future? Other groups such as “PinkiHacks“ in Israel have also been very active hacking major international universities over the course of the last several weeks as well – though at this time there appears to be no correlation between the attacks/incidents.
l’académie de Grenoble Hack:
Website Effected: hxxp://ac-grenoble.fr/
Baqai Medical University Hack & Leak:
Website Effected: hxxp://baqai.edu.pk/
URL Address Exploited: hxxp://baqai.edu.pk/NewsDetail.php?id=47999999.9
Raw Leak: https://ghostbin.com/paste/37toz