Anonymous has hacked into the servers of Armscor, a South African arms procurement agency and leaked financial data belonging to agency’s officials, clients and trade details!

The operation OpAfrica has found another victim, this time, it’s the Pretoria-based arms procurement agency Armscor or Armaments Corporation of South Africa. The breach which took place just a few hours ago can be labeled as a massive hack as Armscor is the official arms procurement agency of the South African Department of Defence.

The hacktivist behind this hack is the same one who previously hacked two Israeli arms importers and leaked client details in public for operation OpIsrael, however, this time the hacker has chosen the dark net to leak 63 MB data in HTML files that include invoices numbers, order numbers, invoice amount etc of Airbus, Thales group, Rolls Royce, Eads or EADS (European Aeronautic Defence and Space Company), Denel etc.

“It was simple SQL injection: Anonymous

In an exclusive conversation with Anonymous hacker, HackRead was told that he has access to 19938 supplier IDs, names and their plaintext passwords. The passwords, in this case, allow anyone to login into Settlement System as supplier or manager. The hacker also disclosed that the agency’s site has several bugs including one that allows anyone to open a settlement by simply using supplier ID without the password.

Must Read: Anonymous Targets African Governments Against Corruption

bae00
Anyone with access to supplier ID can open aa settlement on Armscor settlement system
Screen Shot 2016-07-10 at 10.10.55 PM
Passwords have been blurred from our side!

When asked what security flaw was used to bypass site’s security the hacker said: 

“It was simple SQL injection.”

Upon an in-depth scan, we found customer and trade data including customer IDs, company and trading Address, customer name, order Numbers, invoice numbers, invoice amount, invoice balance, invoice dates, transaction dates and received cheque numbers from 2014 to 2016. 

There are about 104 HTML files, however, we can confirm that no emails or passwords have been leaked but transaction details for high profile defence and aeronautical companies are out for public access.

Must Read: Anonymous Leaks 1TB of Data from Kenya’ Ministry of Foreign Affairs

In the past, the same Anonymous hacktivist hacked UN Climate Change’ Webcast Streaming Service Provider, UN Climate Change website and South African Government Contractor for operation OpMonsanto.

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.