Team GhostShell emerges from hiatus, hacks 300 websites around the world from China to Brazil and all in between
A hacker group known as Team GhostShell has returned with a vengeance after lying dormant for more than 3 years. In a series of tweets from its official account, the group claimed it has successfully hacked over 300 websites and has posted over 13,000 users’ personal details online, with more to come.
The GhostShell hackers claimed responsibility for a hacking spree that started on 30th June and is still continuing, with every country in the world attacked. Their Twitter account is filled with a series of tweets containing data of 100s of hacked websites, with the victim sites’ URLs and links to data dumps containing the alleged user information.
The victim sites came from a variety of locations and backgrounds, ranging from educational institutions in Australia, India, Egypt and China to Korean websites, in addition to many .edu websites.
In a threat advisory on the attacks, Symantec engineers said that if Team GhostShell’s claims are true, the end number of victims will likely range in the millions.
“Reports say that the data dumps reveal compromised account details numbering in the thousands at the lower estimate; however, this number is probably much higher,” read the advisory.
The University of Southern California, Princeton UCHV, the University of Delhi and the University of Maryland are among those which allegedly suffered a data breach.
The data dump leaked by the hackers comprises a number of text files hosted on various websites, including hastebin, and also includes database and server details. Some of the files appear to have leaked sensitive information including names, email addresses, physical addresses, Skype names, phone numbers and other personally identifiable data.
Though the hacking has not been independently verified as of now, Symantec researchers said some of the data dumps appear to show passwords which are salted and hashed, whereas others are just hashed, or stored in plain text. Unfortunately, the infamous “123456” password is present.
Team GhostShell, however, wanted as many eyeballs as it could get and went on to taunt security firm FireEye in one of its tweets.
Team GhostShell was very active in 2012 before going on a self-imposed hiatus and emerging now. They had leaked hundreds of thousands of records from top universities, and also took on entities such as NASA, the Pentagon, and a variety of government agencies and political groups in 2012. They had later dumped 1.6 million accounts and records from numerous US government departments including ESA, NASA, Pentagon, Federal Reserve and the FBI in December the same year.
GhostShell normally used SQL injections to compromise databases and steal records. However, it is not known whether they used the same method in the current spate of hackings.
We are trying to reach out to Team GhostShell to learn the motive for the above hack attacks and will keep you updated.