A threat actor on a dark web forum, has made claims about compromising the website of the Port of Seattle. The post asserts that the attacker defaced one of the Port’s website, meetings.portseattle.org, on September 2, 2024. In a concerning development, the same individual alleges they have breached the newly restored version of the site and plan to deface it again on September 21 at 4:00 AM.
The attacker provided proof of access by sharing a directory listing of the allegedly compromised system, displaying multiple folders from the C: drive, including those labeled “apache24,” “mainframe,” and “site_caches.”
In their message, the attacker claimed to have written a script designed to maintain control over the defacement page, ensuring it remains active. This script, allegedly placed in the startup folder, will automatically check for the page’s presence every hour, and, if removed, will reinstate it with a new message.