The malware group appears to have collaborated with a number of other well-known threat actors, including RipperSec and NoName057(16), to launch attacks against Australian organizations.
An Australian disability services organization has restored its services after its website was defaced by malicious actors.
Onestep Disability Services, based in Western Australia, had its site defaced by Malaysian pro-Palestinian threat group DXPLOIT today (December 4) to display pro-Islamic content.
“PAWNED BY DXPLOIT,” the site says, accompanied by the threatening group’s logo.
“WE ARE THE VOICE OF THE FORGOTTEN, THE DEFENDERS OF THE CYBERWORLD, STANDING AGAINST OPPRESSION EVERYWHERE.
“WE ARE NOT HERE FOR FAME, BUT TO REMEMBER A MESSAGE: ISLAM IS THE RELIGION OF PEACE AND MUSLIMS ARE NOT TERRORISTS. TRUE ISLAM DEFENDS ITSELF AGAINST INJUSTICES AND RESPECTS HUMANITY.
The message goes on to reiterate that Islam is a peaceful religion, before ending with the term “GREETZ.”
OneStep Disability Services was unaware of the downgrade when Cyber Daily contacted and revealed the incident, but quickly restored services.
“This morning we were alerted to a defacement of our website by a group identifying itself as DXPLOIT,” the organization said in a statement to Cyber Daily.
“We want to assure our users and stakeholders that we do not store any personal or participant information on our website. As a result, no personal data was accessed or compromised during this incident.
“Upon our discovery, we immediately contacted our web hosting provider, GoDaddy, and took prompt action to resolve the issue. We are pleased to confirm that the website is now fully operational.
“This incident serves as an important reminder to website owners to invest in best-in-class security measures and remain vigilant against emerging cyber threats. Strengthening security protocols can play a crucial role in deterring such attacks.
“We remain committed to maintaining the integrity of our digital platforms and will continue to monitor and improve our cybersecurity measures. »
Although the site has been restored, the degradation is a sign of increasing activity by DXPLOIT.
The Lutheran parish of Maitland, New South Wales, was also hit by the same degradation and the same message. Cyber Daily has contacted the parish for more information.
Although DXPLOIT’s motivations behind the latest series of attacks have not yet been fully understood, it appears that the group is growing stronger through a series of alliances to increase its capabilities.
In these defacement posts, DXPLOIT also mentions a number of other threat actors in hashtags, including NoName057(16), RipperSec, Anonymous Guys, and Al Ahad.
Earlier this month, Anonymous Guys announced the formation of a new hacktivist alliance with Al Ahad and DXPLOIT.
According to FalconFeeds.io, the groups have increased their activity with organizations in several countries, including Australia.
🚨 Alert: New Hacktivist Alliance 🚨
Anonymous Guys has officially announced a new alliance with Al Ahad and DXPLOIT. They have recently targeted Australia, Israel, Ukraine, Nigeria, Canada, United Kingdom, Pakistan, India, United States, Ethiopia, Portugal, Thailand, Taiwan, l ‘Germany and Nepal.… pic.twitter.com/ebByK3O9We
– FalconFeeds.io (@FalconFeedsio) December 1, 2024
Additionally, last month FalconFeeds.io also noted that DXPLOIT was “collaborating” with RipperSec to form “OpsAustralia” to launch attacks against Australian organizations.
🚨Alert🚨
A recent article from DXPLOIT states that they are collaborating with RipperSec to launch attacks against Australia under “OpsAustralia”. This action is in response to Australia’s support for Israel.#Australia #CTI #ThreatIntel #InfoSec #CyberAttack pic.twitter.com/7U6O5vT4Rv
– FalconFeeds.io (@FalconFeedsio) October 23, 2024
And again, three months ago, FalconFeeds.io also noted an alliance formed between DXPLOIT and NoName057(16).
🚨 Alert: New Hacktivist Alliance🚨
A new alliance has been identified between NoName and DXPLOIT.#cti #menacetel #infosec #Cyberattack pic.twitter.com/F0U9lw99yM
– FalconFeeds.io (@FalconFeedsio) August 23, 2024
This is an ongoing story. Cyber Daily will provide updates as DXPLOIT’s business continues to grow.