Publication Date: June 12th, 2024
Incident Date: June 12th, 2024 01:15:45 (WIB)
The Chiang Rai Primary Educational Service Area Office 2 website (chiangraiedu2.go.th) was compromised in a recent hacking incident. The hacker, identified as lxrdk1773n, took over 12 subdomains of the site.
Hacker Details:
- Hacker Name: lxrdk1773n
Website Details:
- System: Linux
- Web Server: CloudFlare
- IP: 104.21.72.26
- Location: United States
Compromised Subdomains:
This section lists the URLs of the 12 subdomains of the Chiang Rai Primary Educational Service Area Office 2 website that were compromised during the hacking incident. Each link represents a specific page or resource that was taken over by the hacker.
- https://cert.cri2.go.th/zZz.html
- https://e-is.cri2.go.th/zZz.html
- https://e-plan.cri2.go.th/zZz.html
- https://e-reward.cri2.go.th/zZz.html
- https://edpa.cri2.go.th/zZz.html
- https://eservice.cri2.go.th/zZz.html
- https://evaluation.cri2.go.th/zZz.html
- https://evolution.cri2.go.th/zZz.html
- https://ita.cri2.go.th/zZz.html
- https://salary.cri2.go.th/zZz.html
- https://service.cri2.go.th/zZz.html
- https://bigdata.cri2.go.th/readme.html
The attack employed a brute force method to gain unauthorized access. This technique involves systematically trying various passwords or keys until the correct one is found, exploiting weak or inadequate authentication measures.
The hacker’s motivation appears to be recreational, with lxrdk1773n stating the action was “just for fun.” This incident underscores the need for stronger security protocols and monitoring to prevent such unauthorized access.