Nepal Public Service Commission and three other government websites of Nepal have been compromised. The PSC website is hosted by Ministry of Communication and Information Technology, Government of Nepal at IP address 202.45.144.31

The malicious actors have dumped thousands of critical information in the PSC website exploiting a loophole in the file upload functionality of FCKeditor known as FCKeditor arbitrary file upload vulnerability.

FCKeditor contains functionality to handle file uploads and file management. By this vulnerability, the remote attacker could gain unauthorized access to upload malicious executable files on the system leading to privilege escalation RCE and other attacks.

The PSC website contains several critical information dumped by hackers of several countries indicated by text file footprints in the compromised directory.

Link: http://www.psc.gov.np/assets/ uploads/fck_upload/

Critical information which has been compromised includes:

1) Text file containing thousands of leaked personal email addresses and passwords (Screenshot enclosed)

Link: http://www.psc.gov.np/assets/ uploads/fck_upload/5000000% 20Gmail.txt

2) Text file containing Zero-Day exploit containing thousands of leaked Nepal Doorsanchar Company Ltd. ADSL user SSIDs and Passwords. (Screenshot enclosed)

Link:

http://www.psc.gov.np/assets/ uploads/fck_upload/nepal_adsl_ user_ssid_and_password_leak. txt

Preliminary investigation has revealed a group of hacker handles associated with the data breach with each handle responsible for defacing websites of several countries.

The other three government websites of Nepal which have been breached are:

2) iirc.gov.np (screenshot enclosed)

3) dadodhankuta.gov.np (screenshot enclosed)

4) crid.gov.np (screenshot enclosed)

This incident/data breach has also been communicated to Nepal Information Security Response Team and Ministry of Communication and Information Technology, Government of Nepal.

ESET security researcher Lukas Stefanko reported the incident exclusively to Kathmandu Tribune.

Share this: Twitter

Facebook

