Hackers affiliated with the hacktivist collective Anonymous have reportedly breached a South African arms procurement agency and leaked data, including details on the firm's financial, trade and client records. Pretoria-based Armscor is the latest victim of Anonymous' OpAfrica campaign.
According to a report by Hackread, the breach occurred in the early hours of 11 July and involves 64 MB data, including invoice numbers, order numbers and invoice amounts of firms such as Airbus, Thales Group, Rolls Royce, EADS (European Aeronautic Defence and Space), Denel and others.
The hacker disclosed that he gained access to 19,938 IDs of suppliers, names and plaintext passwords. He claimed that "it was a simple SQL injection" that allowed him to breach the site. He said Armscor's website had several bugs, one of which allows entities to open up a settlement without a password, by just using a supplier ID. The passwords accessed by the hacker also allow anyone to log into the company's settlement system as either a manager or a supplier.
According to the report, emails or passwords are yet to be leaked on the dark web. Information including the company's trading address, dates of transactions and cheque numbers received by the firm between 2014 to 2016 have been uncovered. In addition to the 104 HMTL files that have allegedly been leaked, the transaction details of defence and aeronautical firms have also been made public by the Anonymous hacker.
This is not the first time Anonymous has targeted South African organisations. In June the hacktivist collective launched a massive DDoS attack on the country's official news broadcasting outfit – the South African Broadcasting Corporation. In February the collective claimed to have leaked personal information of over 1,000 government employees in retaliation for corruption, child labour and internet censorship in the country.