A hacker group called Ghost Squad Hackers has defaced a site of the European Space Agency (ESA).
A member of Ghost Squad Hackers, s1ege stated that they are hacktivists and they usually hack for various reasons related to activism but this attack was done only for fun.
The group have hacked numerous organizations and government agencies over the years, including US military, European Union, Washington DC, Israeli Defense Forces, the Indian Government, and some central banks.
The group usually targeted operations against governmental agencies.
On contacted for more details regarding the attack, the team said that they exploited a Server-side request forgery (SSRF) remote code execution vulnerability in the server, and then gained access to the business.esa.int domain and defaced it.
A Server-side request forgery (SSRF) is a web security vulnerability that lets an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker’s choosing.
In usual SSRF, the attacker causes the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.
The hacktivist said that they did not act for political reason, they also added that they had no interest in leaking any data. Their only objective was to show that the website was vulnerable.