I reached out to them for comment, and they told me that the attack was not targeted; they defaced the site only for fun.
“We are hacktivists, we usually hack for many various causes related to activism,” Ghost Squad Hackers’ member s1ege told me. “This attack was done solely for fun.”
The group claims to have hacked numerous organizations and government agencies over the years, including the US military, European Union, Washington DC, Israeli Defense Forces, the Indian Government, and some central banks.
The team appears to be focused primarily on operations against governmental agencies.
When I asked them for more details about the attack, the hackers explained that they had exploited a server-side request forgery (SSRF) remote code execution vulnerability in the server, then gained access to the business.esa.int domain and defaced it.
Server-side request forgery (also known as SSRF) is a web security vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
In typical SSRF examples, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.
A successful SSRF attack can often result in unauthorized actions or access to data within the organization, either in the vulnerable application itself or on other back-end systems that the application can communicate with. In some situations, the SSRF vulnerability might allow an attacker to perform arbitrary command execution.
The hacktivist remarked that they did not act for political reasons and highlighted that they had no interest in leaking any data. Their intent was to deface the website to show it was vulnerable.
Ghost Squad Hackers did not attempt to report the flaw to ESA.
(SecurityAffairs – hacking, ESA)