Agência Nacional do Petróleo, Gás Natural e Biocombustíveis Hacked by K4PP4K, Site Admin Credentials Leaked Online

Earlier this morning, March 17th 2019, a hacker going by the name of “K4PP4K” announced a hack and data breach effecting to the National Agency of Petroleum, Gas and Natural Combustibles (ANP) of the Federal Republic of Brasil. Contained within a data leak affiliated with the website are the file folders of 3 databases attached to the back-end of the agencies website, along with the email, usernames and passwords of 9 administrators granting full root access over the site and all of its content.

At the present moment in time not much is known about K4PP4K, but this is their second such major hack of a National Brasilian agency dating back to February 24th 2019, when K4PP4K released various SQL vulnerabilities attached to the website belonging to the state government of Rio de Janeiro. Similarly, it’s suspected that SQLi is also how K4PP4K breached ANP’s website this week. Unfortunately though, ANP was officially tagged in the release a little more than 13 hours ago, meaning that if those admin credentials haven’t already been changed they almost certainly will be very shortly.

Alvo: hxxp://anp.gov.br/
Raw Leak: https://hastebin.com/kilisodide.pl
Leak Backup: https://ghostbin.com/paste/yxb2v

Published by

Brian Dunn

Writer, Researcher Owner: Rogue Media Labs | Rogue Security Labs (929)-319-2570 BrianDunn@RogueSecurityLabs.Ltd

Leave a Reply

Your email address will not be published.