In a posting released on Twitter December 20th 2018, the “Akatsuki Gang” announced a hack of Brasil’s Ministry of Finance, managing to leak sensitive information tied to the sites back end, inner workings and databases online. Analyzing the attack, it appears as though the Akutsuki Gang exploited an SQL vulnerability attached to the landing page of previdencia.gov.br/conteudoDinamico.php?id=1093 – gaining remote access to a MySQL database containing PHP version 7.2.10 files hosted on a Microsoft-IIS 10.0 web server.
While the leak contains approximately 6,345 lines, most of the data is mirrored locations of various folders, files and databases contained on the sites web page – only browse-able should you gain physical access to website yourself. With that said however, there is some interesting/valuable material contained within the information dumped online, such as a full list of all the sites DNS records, the IP Address and destinations of all the sites sub-domains, the websites IP, Network and Netmask Addresses, as well as the sites back end login page – which isn’t currently protected against brute force attacks.
In a message attached to the hack/leak, the Akatsuki Gang released a full list of its members, explaining that “We Are: SNM Anops &&& D3coder &&& Knushh &&& SpySec &&& L0ster &&& CooldGirl &&& Satuur.” Also leaving behind a dark/ominous message stating “Can you take revenge on evil without becoming a part of it? I do not live to please you, when I make choices I’m prepared to face the consequences myself. Otaku is good, it’s just Otaku being himself.” According to a separate press release on Twitter, the Akatsuki Gang announced that they will be targeting Brasil’s Ministry of Agriculture, Livestock and Farming next.
Website Effected: hxxp://previdencia.gov.br
Location of Vulnerability: hxxp://previdencia.gov.br/conteudoDinamico.php?id=1093
Raw Leak: https://ghostbin.com/paste/xho67
This is the first time I have covered the Akatsuki Gang for Rogue Media Labs, but the group has been extremely active throughout the later half of 2018. For example, over the course of the last 3 months alone, the group has hacked websites and databases belonging to the Military Police of Piaui, Military Police of the State of Goiás, Civil Police of Rio de Janeiro, Federal University of Rio de Janeiro, Brasilian Party of Women and municipalities of the states of Natal, Mins Gerais, Pernambuco, Santa Catarina and São Paulo, as well as pages of USP and the Courts of Justice of Espírito Santo (TJES) and Santa Catarina (TJSC).
Read More About The Groups Activities Here: https://www.defcon-lab.org/tag/akatsuki-gang/
— Akatsuki Gang (@akatsukgang1993) December 21, 2018