Scammers target U.S. government and university websites with hacking service ads

Share via:

Multiple U.S. state, county, and local government websites, along with universities and other organizations, have fallen victim to a spam campaign involving scam advertisements for hacking services.

The scammers uploaded PDF files containing these ads to official websites, including those belonging to state governments such as California, North Carolina, New Hampshire, Ohio, Washington, and Wyoming, as well as various educational institutions like UC Berkeley, Stanford, and Yale. Other affected organizations include the Red Cross in Spain, defense contractor Rockwell Collins, and an Ireland-based tourism company.

The PDFs directed users to websites claiming to offer hacking services for popular platforms like Instagram, Facebook, and Snapchat, as well as services to cheat in video games or create fake followers. While some documents appear to have been online for years, it remains unclear who is behind this large-scale spam campaign. John Scott-Railton, a senior researcher at Citizen Lab, discovered the advertisements and noted that while they seem harmless, the flaws exploited could have been used for more malicious purposes.

Upon investigation, TechCrunch found that the websites advertised in the PDFs appeared to be part of a click-fraud scheme to generate money. The cybercriminals used open-source tools to create popups and verify human visitors while secretly generating revenue. However, the advertised hacking services were likely fake, despite some sites displaying alleged victims’ profile pictures and names.

Representatives from affected organizations explained that scammers exploited flaws in online forms or content management system (CMS) software, allowing them to upload the PDFs. Kentico CMS was specifically mentioned by several victims, including the town of Johns Creek, the University of Washington, and Community Colleges of Spokane. However, not all victims attributed the issue to Kentico, and some organizations have already taken steps to remove the PDFs and address the vulnerabilities.

While the immediate impact of this spam campaign appears minimal, the ability to upload content to government websites raises concerns about the overall security of these platforms. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the compromises and is coordinating with affected entities to provide assistance. It is crucial for organizations to promptly address vulnerabilities and protect against potential threats in order to maintain the integrity and security of their websites.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

Scammers target U.S. government and university websites with hacking service ads

Multiple U.S. state, county, and local government websites, along with universities and other organizations, have fallen victim to a spam campaign involving scam advertisements for hacking services.

The scammers uploaded PDF files containing these ads to official websites, including those belonging to state governments such as California, North Carolina, New Hampshire, Ohio, Washington, and Wyoming, as well as various educational institutions like UC Berkeley, Stanford, and Yale. Other affected organizations include the Red Cross in Spain, defense contractor Rockwell Collins, and an Ireland-based tourism company.

The PDFs directed users to websites claiming to offer hacking services for popular platforms like Instagram, Facebook, and Snapchat, as well as services to cheat in video games or create fake followers. While some documents appear to have been online for years, it remains unclear who is behind this large-scale spam campaign. John Scott-Railton, a senior researcher at Citizen Lab, discovered the advertisements and noted that while they seem harmless, the flaws exploited could have been used for more malicious purposes.

Upon investigation, TechCrunch found that the websites advertised in the PDFs appeared to be part of a click-fraud scheme to generate money. The cybercriminals used open-source tools to create popups and verify human visitors while secretly generating revenue. However, the advertised hacking services were likely fake, despite some sites displaying alleged victims’ profile pictures and names.

Representatives from affected organizations explained that scammers exploited flaws in online forms or content management system (CMS) software, allowing them to upload the PDFs. Kentico CMS was specifically mentioned by several victims, including the town of Johns Creek, the University of Washington, and Community Colleges of Spokane. However, not all victims attributed the issue to Kentico, and some organizations have already taken steps to remove the PDFs and address the vulnerabilities.

While the immediate impact of this spam campaign appears minimal, the ability to upload content to government websites raises concerns about the overall security of these platforms. The Cybersecurity and Infrastructure Security Agency (CISA) is aware of the compromises and is coordinating with affected entities to provide assistance. It is crucial for organizations to promptly address vulnerabilities and protect against potential threats in order to maintain the integrity and security of their websites.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at [email protected]

More like this

Apple @ Work Podcast: A brief history of the...

Apple @ Work is exclusively brought to you...

ShopBack cuts 24% of staff in push for sustainable...

CEO Henry Chan said ShopBack approached its headcount...

Peyush Bansal of Lenskart Advocates Problem-Centric Business Approach Over...

Lenskart’s CEO and co-founder, Peyush Bansal, delivered a...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!