This list has two goals. One is to keep track of all the notable security incidents and condense them into one place. The other is to highlight the growing need to ramp up security in an increasingly digital environment. It should be noted that this is not a complete list of all cybersecurity incidents in Sri Lanka, but rather a rundown of some of the most notable ones over the past few years. Regardless, the Hall of Misery will be continuously updated.
[11/10/2022] Sampath Bank official Twitter account
Sampath Bank’s official Twitter account was seemingly hijacked for a crypto scam, with the account tweeting what looked suspiciously like scam links.
The account has since deleted the dubious crypto tweets.
[27/09/2022] Sri Lankan Airlines official Twitter account
Hijacked by crypto scammers in a round that appeared to specifically target verified accounts. The national airline carrier’s Twitter account was hacked to disperse the typical stream of random crypto tweets.
The incident was reported on 27 September. The account remains inactive with the crypto tweets still on the feed.
[09/09/2022] Department of Examinations website (doenets.lk)
Technically, this wasn’t a hack. It was just a 17-year-old exposing an insecure API. In this case, the student used the open nature of the doenets website API to manipulate its data. In other words, it was less breaking in and more walking into a home with the key in the door.
[20/04/2022] Anonymous attacks on multiple websites
Following the economic crisis and the peak of the #GotaGoHome protests, Sri Lankans actively campaigned for the notorious Anonymous hacktivist group to “dig up information on corruption” à la leaking supposedly sensitive information. The constant demands were finally answered in some form, in what appeared to be a clique of enthusiastic individuals attacking several websites. These included:
- Sri Lanka Bureau of Foreign Employment (SLBFE) database leaked with 1000+ entries
- Ministry of Health website
- Subdomain belonging to Ada Derana (24.adaderana.lk)
- Business Today website with database leaked
There were reportedly over 30 targeted attacks. Watchdog has a detailed account of the entire ordeal.
Many, if not all, of the defaced websites have since been reclaimed and are now online. How far the exposed vulnerabilities have been patched remains to be seen. There has been no update on any recourse taken over the leaked data.
[01/04/2022] PayHere hack
An attacker compromised Bhasha’s fintech arm PayHere and exposed over 1.5 million records. The attack exposed 65GB worth of data: IP and physical addresses, names, phone numbers, purchase histories, and partially obfuscated credit card data. The suspected hack reportedly happened via a malicious file upload.
The company has listed its course of action following the breach and has now opened its own bug bounty program.
[24/03/2022] Seylan Bank official Twitter account
Similar to other crypto scam attacks on Twitter, Seylan Bank’s account was briefly hijacked, tweeting suspicious crypto-related content and links.
[06/09/2021] Sirasa YouTube channels
Several YouTube channels belonging to the Maharaja Network (Sirasa) were briefly compromised, including Voice Teens and TV1. Although it’s unclear what the motivations were, evidence points to another crypto scam hijack.
[19/08/2021] Derana YouTube
Likely the first major online account hijacked over a crypto scam. The TV Derana YouTube channel was hacked after a vulnerability in a piece of remote access software was exploited. The attackers replaced the channel with a crypto stream.
[03/06/2021] Multiple government sites compromised
A widespread attack on several government websites that mostly included unsanitized URL redirects and some defacements.
[30/05/2021] Local ISP attacked
A leading ISP, suspected to be Sri Lanka Telecom, reportedly fell victim to a cyberattack that caused service interruptions to several of its customers.
Neither the extent nor an acknowledgment of the attack has been communicated to this day.
[18/05/2021] Multiple government websites defaced
State websites belonging to the Health Ministry, Energy Ministry, Rajarata University, and the Chinese Embassy in Sri Lanka were hacked. Tamil Eelam Cyber Force claimed responsibility for the attacks.
[06/02/2021] LK Domain Registry hack
The LK Domain Registry was hacked and several websites were compromised following a DNS cache poisoning attack. As a result, many people visiting google.lk were instead redirected to a page that drew attention to several contemporary national issues.
[24/08/2020] National Lotteries Board of Sri Lanka email server
The National Lotteries Board of Sri Lanka’s email servers appeared to be compromised following phishing emails sent to the public.
[30/05/2020] Government sites under attack
The websites for the Sri Lanka Bureau of Foreign Employment, the Ministry of Public Administration and the Ministry of Health came under a cyberattack by the Tamil Eelam Cyber Force.
[25/05/2020] REvil attack on SLT
A ransomware known as REvil attacked a section of SLT’s internal servers. The internet provider stated that the attack had no impact on its services.
[18/05/2020] Government and private websites defaced
The Tamil Eelam Cyber Force targeted the websites of Rajarata University, Sri Lanka Embassy in China, Hiru News, Brics Ventures (construction company), and the Cabinet Office.
[05/05/2020] MAS Holdings under ransomware
MAS Holdings fell victim to the Nefilim ransomware, with the hackers claiming to be in possession of 300GB worth of private data. At the time, the group posted some allegedly stolen documents online as evidence.
[25/08/2017] President website hacked, twice
The president’s website was compromised twice on the same day by a 17-year-old. The website was restored shortly afterward and the teenager was let off with a warning.
[20/01/2015] Presidential Secretariat is down
The website was taken down for unknown reasons, either as a result of an attack or an administrative mistake.
[17/04/2014] 129 websites attacked
Dubbed #OpSriLanka, the attack carried out by the Anonymous group managed to target 129 local websites.