The web development and hosting company Mooonux has allegedly been compromised, with a threat actor claiming to be selling root shell access and the company's full database on a cybercrime forum. Mooonux builds and hosts websites for various clients, so the breach allegedly affects not only Mooonux itself but also the eight other websites it hosts, putting a wide range of client data at risk. The total database size is reported to be over 5 GB.
The attacker claims the initial intrusion occurred approximately a month ago, after they purchased logs generated by information-stealing malware that contained the company's FileZilla FTP credentials. After gaining initial access and downloading files, the perpetrator alleges they installed a root shell on the server. This, they claim, gave them persistent administrative access that survived the company's attempt to secure its systems by changing the FTP password, which points to a potentially flawed incident response procedure: rotating the stolen credential without removing the attacker's persistence.
The threat actor is attempting to sell this high-level access along with a complete copy of the company’s data for no less than $100. The leaked data allegedly includes a wide array of sensitive information.
Leaked data allegedly includes:
- Full source code (SRC) for Mooonux and its client websites
- Company and client emails
- Complete databases (DBs)
- cPanel and server configuration files
- SSL certificates and private keys
- Client and internal user data