The hacker @Sc0rp10nGh0s7 from the Shad0w Security crew has broken in the server of the National Aids Research Institute NARI (India). The hacker accessed a more than 1 GB archive containing the results for dozens Hiv test.
The hacker just released a small portion of the compromised archive as proof of the data breach. They explained to me that they want to avoid problems with the patients, but this hack aims to demonstrate that the security staff at the Institute is not able to protect so sensitive information.
“this time we won’t leak everything, since our purpose is to hurt the gov not the people. The database file I have is more than 1Gb” told @Sc0rp10nGh0s7.
When I asked more technical details about the attack, the hacker told me that they prefer to keep secret the flaws.
I decided to avoid publishing the link to the data due to nature of the victim.
He also told me that the National Aids Research Institute NARI (India) has a good level of security despite the hack. The hacker breached an internal server of the organization and noticed the admin likes to put username & password in a text file.
“the way we choose the targets is random that helps us to not be expected, we will be in a place they least expect us to be” added the hacker.
The overall internal network was breached by the hackers.
In November 2016, the hacker Shad0wS3C hacked the Institute of the Registral Function of the State Mexico (FREM) and leaked the database online.
In August 2016, the group hacked the Paraguay’s Secretary of National Emergency (SNE) website and leaked online a dump from a PostgreSQL database.
(Security Affairs – Gh0s7, National Aids Research Institute NARI)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.