Threat Actor: Unknown | unknown
Victim: Port of Seattle | Port of Seattle
Price: Not disclosed
Exfiltrated Data Type: Website access and directory structure
Key Points :
- The threat actor claims to have defaced the Port of Seattle’s website on September 2, 2024.
- The attacker alleges they have breached the newly restored version of the site and plan to deface it again on September 21 at 4:00 AM.
- Proof of access was provided through a directory listing of the compromised system, showing multiple folders from the C: drive.
- The attacker has created a script to maintain control over the defacement page, ensuring it remains active.
- This script is designed to check for the page’s presence every hour and reinstate it if removed.
A threat actor on a dark web forum, has made claims about compromising the website of the Port of Seattle. The post asserts that the attacker defaced one of the Port’s website, meetings.portseattle.org, on September 2, 2024. In a concerning development, the same individual alleges they have breached the newly restored version of the site and plan to deface it again on September 21 at 4:00 AM.
The attacker provided proof of access by sharing a directory listing of the allegedly compromised system, displaying multiple folders from the C: drive, including those labeled “apache24,” “mainframe,” and “site_caches.”
In their message, the attacker claimed to have written a script designed to maintain control over the defacement page, ensuring it remains active. This script, allegedly placed in the startup folder, will automatically check for the page’s presence every hour, and, if removed, will reinstate it with a new message.
The post Threat Actor Claims Repeated Breach of Port of Seattle Website appeared first on Daily Dark Web.