Friday, January 22, 00:44
Home security Hacker uploaded files to the sites of WHO, UNESCO and other organizations

Hacker uploaded files to the sites of WHO, UNESCO and other organizations

A hacker managed to upload PDF files in sites known organisms, including World Health Organization (WHO) and UNESCO.


The attack was first reported by He takes advantage of some vulnerabilities, which could have been used for more serious attacks, but in this case the incident was not very complicated and fortunately the impact was small.

The PDF files were uploaded by one hacker using the name online m1gh7yh4ck3r. In recent days, the hacker has uploaded files in official sites of UNESCO, the WHO, the Georgia Tech Institute and a Cuban government site.

Georgia Tech and the WHO immediately removed the PDF files uploaded by hacker, which does not apply to the sites of UNESCO and the Government of Cuba.

Representatives of UNESCO told SecurityWeek that they will launch an investigation into the incident.

The PDF files uploaded by hacker are related to online game breaches and account breaches Facebook and Instagram. The files explain how the violations can be done and contain links that are supposed to lead to hacking services and tools. But in reality, lead them users on scammy sites.


Some VirusTotal antivirus programs have detected that some of these PDF files contained trojans.

We do not yet know how the hacker was able to upload the files to the sites of the WHO, UNESCO, etc., but it was probably not a complicated technique. The domains to which the files were uploaded allow users to upload content. The hacker can also took advantage vulnerabilities related to uploading files or bypassing authentication. Especially in the case of UNESCO, access to the login page is easy.

The good thing is that this attack had no serious consequences. This does not mean, however, that more dangerous incidents cannot occur. Being able to upload content to official sites of organizations such as the WHO and UNESCO can be very dangerous. Government hacking groups can take advantage of this to upload content to their advantage. Government hackers often target or "use" such organizations.

For example, since the beginning of the pandemic, state hackers with financial incentives, have sent thousands of malicious emails pretending to be the WHO. A vulnerability like the one exploited by m1gh7yh4ck3r could be particularly useful to them.

Georgia Tech told SecurityWeek that it has identified the source of the problem. The vulnerability has to do with a form on an old site that uses it Drupal CMS and the corresponding Webform module, which by default allows users to upload files to folders that are publicly accessible.

"Downloads that occurred on the chhs server [on the affected GA Tech server] are an example of an attack on incorrectly configured sites. This type of website spam is a bit unusual as well it is not based on weak credentials, nor on outdated software. It is based, on the contrary, on specific configurations of CMS and related modules (OWASP top 10 category "Security Misconfiguration"). For this reason, this type of attack is not easily detected by most existing scanners. We tried to tackle the problem through training and monitoring", Explained a representative of Georgia Tech.

UNESCO also uses Drupal and Webform. So even in this case, the hacker could have uploaded the files this way.

The specific attack By uploading files to WHO and UNESCO sites, it seems to be part of a larger campaign launched this summer, targeting government and university sites.


Please enter your comment!
Please enter your name here

Digital Fortress
Digital Fortress
Pursue Your Dreams & Live!


Mac: How to see which model you have and when it was released

When you need support for your Mac - or want to install some kind of upgrade - you usually need to know the exact ...

Bill Gates: Will he work with Biden on COVID-19 / climate change?

Microsoft co-founder Bill Gates said on Twitter that he is looking forward to working with the new US President, Joe Biden, and ...

What are the rumors circulating about the iPhone 13?

Apple iPhone 13 will have a redesigned Face ID system that will have a smaller notch at the top of the screen, ...

Biden: How was the political transition in the US captured on social media?

As Joe Biden was sworn in as President of the United States, this important political transition was captured on popular social media. On January 20, ...

CentOS ceases to be supported but RHEL is offered for free

Last month, Red Hat caused a great deal of concern in the Linux world when it announced the discontinuation of CentOS Linux.

Microsoft Office 365 employee passwords leaked online!

A new large-scale phishing campaign targeting global organizations has been found to bypass Microsoft Office 365 Advanced Threat Protection (ATP) and ...

COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...