Incident Date: October 15, 2020, 04:29:28 (WIB)
Hacker Details:
Hacker Name: rizky07
Hacker Group: Sunda Cyber Army
Website Details:
URL: www.ebmn.pu.go.id/uploads/files/q.txt
System: Windows 2008
Web Server: Apache
IP: 103.211.51.82
Location: Indonesia
Incident Details:
Proof of Concept: File Inclusion
Reason: Heh…just for fun!
Archive Page:
https://defacer.id/mirror/id/115681
Cyber Attack Report’s Page:
https://defacer.id/cyber-attack-report/115681
The e-BMN Ministry of Public Works and Housing website, specifically the file located at www.ebmn.pu.go.id/uploads/files/q.txt, was hacked by rizky07, a member of the Sunda Cyber Army group. This attack compromised a key page under the e-BMN system, a vital infrastructure for managing government assets.
The hacker exploited a “File Inclusion” vulnerability, allowing them to include and execute malicious files on the server. This type of exploit is often used to gain unauthorized access to sensitive data or take control of the server.
The reason behind the attack was simple mischief, with the hacker stating, “Heh…just for fun!” indicating a playful but disruptive intent.