Poison.sh of Tenebris Hacks/Defaces 169 Websites Across The World

If you are a regular reader of this website you would know that rarely do I ever feature reports on website defacing, it just isn’t really my “thing.” However, that does not mean I dismiss the subject entirely either. For example, this morning I managed to come across a Twitter posting from a relatively new group of South American hackers going by the name of “Tenebris,” whom claim to have hacked 169 websites around the world throughout the course of the last several days and weeks. While I was skeptical at first, after conducting a little bit of research into the hacks and clicking through the links provided, it appears as though the group really is telling the truth – which is why I am featuring them here today.

The website defaces are said to have been pulled off by a hacker going by the name of “Poison.sh” – a famous Brazilian hacker well known for permanently disabling and defacing websites throughout the country in the past. Analyzing the URL structure as they exist inside Pastebin suggests that Poison.sh has managed to gain access to each of the websites admin/dashboard panels, where he then uploads a jpeg image/file featuring the groups logo within the websites media folder – thus allowing for him to link to it externally and give the appearance as though the website has been hacked/defaced.

This is also very clever because rarely do website administrators ever audit their own media files, and the more media files/pictures exist on the website itself only makes it hard to find any image(s) that may be out of place on it.  Consequentially enough, this would also explain why Poison.sh‘s ‘defaces’ tend have such long shelf lives.

Full List of Websites Compromised/Defaced: https://pastebin.com/DWugWyiA

Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd

Leave a Reply

Your email address will not be published.