The group of Iraqi hackers called “Pro_Mast3r” has breached the server hosting a Trump website associated with campaign donations.
A group of hackers who is calling themselves “Pro_Mast3r” has defaced a website associated with President Donald Trump’s presidential campaign fundraising on Sunday.
The website was hosted on the server secure2.donaldjtrump.com that is managed by the Cloudflare content management and security platform.
The website is not directly linked from the Trump Pence campaign’s home page. According to the Ars website, the hacked machine is an actual Trump campaign server that uses a legitimate certificate.
“But it does appear to be an actual Trump campaign server—its certificate is legitimate, but a reference to an image on another site is insecure, prompting a warning on Chrome and Firefox that the connection is notsecure.” states Ars.
The defaced page displayed an image of a man in a fedora and the following text:
Hacked By Pro_Mast3r ~
Attacker Gov
Nothing Is Impossible
Peace From Iraq
The analysis of the source code of the page revealed the presence of a link to a javascript on a now-nonexistent Google Code account, ‘masterendi’. This account was associated with the hack of other websites.
The script is a snow animation script, it doesn’t include any malicious component.
The strange circumstance in this hack is that attackers included JavaScript that was no more available in the wild.
Archive.org includes several instances of the link at this specific Javascript, but they are no more active since 2015.
At the time I was writing the server is down.
Source:https://securityaffairs.com
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.