The source code of the Ukrainian state portal Diya was published. State leaks, summing up

I have heard of "mother's hackers", but this is the first time I have heard of "father's". Everything would be fine, but the unlucky bulbashes turned out to be not only hackers but also rogues: they tried to mislead users of shadow forums by selling a fake at an exorbitant price, passing off the leaked source code and database of the portal as information on citizens of Ukraine from the Diya application.

Yesterday, an announcement was published on several shady forums at once about the sale of databases allegedly leaked from the Ukrainian application Diya. The source code of the Ukrainian state portal was also published. The author of the post claimed that the data was obtained directly from the Diya database. Examination of the source code and the offered database fragments confirms that the source code was indeed obtained from the Diya portal. However, contrary to the assertions of the authors of the post, it is clear that the hackers gained access only to the "fronts" of the October CMS used by Ukrainian state resources; citizens' data was not affected. At least not in this leak.

One gets the impression that the authors of the post, having gained access to the original source code of the portal, decided, as they say, to "ride" the hype and earn some money. The original post listed an exorbitant price of $15,000 for the Diya database. But the scammers were quickly seen through: the offered samples contained information that had never been digitized for Ukrainian government applications at all. It is indeed possible to find user information in the samples, but these are the credentials of the portal's service personnel, not leaked information on Ukrainian citizens.

I remind you that on the night of January 14, Ukrainian state websites were defaced.

Screenshot from hacked sites

Government resources were hacked through the CVE-2021-32648 vulnerability in October CMS, information about which has been known since at least August 2021. The first to report this on her Twitter was Zetter, known for her investigations and as the author of the book Countdown to Zero Day.

A study of the code leaked from the portal shows that Ukrainian state portals have not been updated since spring 2021.

Ukraine suspects Belarusian hackers from UNC1151 of the attack on state resources; according to the former head of the cyber police department, they are linked to the special services of the Republic of Belarus.

I remind you that this is not the first leak from large state resources in the CIS over the past month: at the end of December we published the source code of the Penza branch of the Russian portal of public services, as well as the source code of several mos.ru subdomains at once.

Earlier in December, a mass defacement of the state websites of the Republic of Dagestan was reported.

Screenshot of defaced state sites of Dagestan

The hackers changed the text of the republic's government websites to messages containing the phrase "Putin is a thief" and the like. However, official statements do not talk about defacement, but about a “DDoS attack”.

Then, according to the Information Leaks channel, the login (superadmin) and password for the hosting of these sites became known "thanks to" an SQL dump with the users table that had been left publicly accessible. Unfortunately, the passwords in this table were hashed with the MD5 algorithm without a salt and are found instantly in precomputed tables.
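Why unsalted MD5 in a leaked users table falls to precomputed tables, shown next to salted slow-KDF storage. This is an added example, not part of the original post; the rows, passwords and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a precomputed table. Real tables cover billions of
# candidates; the point is that the table is built once and reused everywhere.
COMMON = ["123456", "qwerty", "password", "admin2021"]
PRECOMPUTED = {hashlib.md5(p.encode()).hexdigest(): p for p in COMMON}

# Constructed rows shaped like a dumped `users` table: (login, unsalted MD5).
LEAKED_ROWS = [
    ("superadmin", hashlib.md5(b"qwerty").hexdigest()),
    ("editor", hashlib.md5(b"qwerty").hexdigest()),  # same password, same hash
    ("backup", hashlib.md5(b"Xk9#vT2pLm!q").hexdigest()),
]


def audit_unsalted_md5(rows):
    """Return {login: password} for every row resolved by a single lookup."""
    return {login: PRECOMPUTED[h] for login, h in rows if h in PRECOMPUTED}


def hash_password(password, salt=None, iterations=600_000):
    """Hardened storage: per-user random salt plus a slow KDF (PBKDF2)."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, dk


def verify_password(password, salt, iterations, expected):
    """Recompute with the stored salt and compare in constant time."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    # Weak scheme: two of three accounts resolve instantly from the table.
    print(audit_unsalted_md5(LEAKED_ROWS))
    # Hardened scheme: the same password yields unrelated stored values, so a
    # table computed in advance cannot be reused across users or sites.
    a, b = hash_password("qwerty"), hash_password("qwerty")
    print(a[2] != b[2], verify_password("qwerty", *a))
```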

I suspect that this is not the last data leak from large government resources in the CIS, because the staff serving them behave in a very relaxed manner and neglect elementary security rules. And there is no need even to talk about red teams and constant audits, which are critically needed for such resources.

(Original post in Russian)