The same gang that hacked Adobe, PR Newswire and the National White Collar Crime Center in 2013 had targeted the German website of car maker Citroen. A news report published by the Guardian says that some customer data may have been stolen by hackers via the backdoor created by hackers with the breach.
According to authorities the hacker group behind this attack has already breached numerous websites exploiting Adobe software vulnerability and Citroen had one of its German websites hacked to include a backdoor. The attackers managed to embed the backdoor on shop.citroen.de, a website for buying Citroen-based gifts. This backdoor which was live until August 2013, and this allowed the hackers to steal any data on that server using method of bypassing normal authentication systems.
In a presser, the Citroën Germany spokesperson said that they were co-operating with the authorities in the matter as it appeared a criminal act. The spokesperson also acknowledged that some customer data was stolen but Citroen Germany did not know how many were affected. The spokesperson also said that the customers have been notified of the breach and are advised to check their bank accounts for any suspicious transfers. It is also unclear whether the Credit Card details of the customers were leaked, because the website stored the shipping data of the customers.
The hackers have been scanning the internet for weaknesses in a web application platform from Adobe known as ColdFusion. “The exploitation was targeted across the entire internet looking specifically for ColdFusion exploits,” Alex Holden, chief information security officer at Hold Security, stated. He added that “To explain the backdoor simply, it provides full command line and SQL database access with the rights of the user running the web services, which usually means everything on the web server.”
The agency responsible for running the German website for Citroen, anyMotion said that it has since fixed the backdoor and are investigating whether the hackers have installed any further malicious codes. They are also trying to ascertain the data that may have been stolen from the website.“We are examining the machines for known backdoors and unwanted software that someone may have installed on the machine,” said anyMotion’s Heinz Brasch.
In January 2013, Adobe was having a horrific time when the hackers found out the zero day vulnerability in Adobe software. It had led to many hacks at that time using the exploit. The Adobe ColdFusion vulnerability was one of the. Adobe has since patched the exploit in the software.
