According to researchers, one possibility is that the attackers used compromised credentials to sign in to the Expression Engine CMS used by the Trump campaign website.
Last week, a cyber security researcher claimed to have hacked into the Twitter account of US President Donald Trump by simply guessing its password. Now, it has been reported that hackers briefly hacked and defaced President Trump’s campaign website on Tuesday.
The hackers left a defacement page on the website’s homepage displaying the message “This site was seized.”
The targeted website (donaldjtrump.com) is known for hosting details about events, rallies, and fundraisers.
A further look at the defacement page revealed that the unknown hackers blamed Trump for spreading fake news. The message went on to blame the government of the United States for the origin of the coronavirus.
The hackers also claimed to have hacked “multiple devices that gave them full access to trump and relatives.” However, it is unclear which devices or relatives the attackers were referring to.
The defacement page also included 2 cryptocurrency wallet IDs and asked users to send funds in Monero so that the hackers would leak the confidential information they allegedly stole in the hack.
Although it is unclear how the hackers got access to Trump’s website, according to IT security researchers at Wordfence, it is possible that attackers used compromised CMS credentials to breach the site’s security.
“The campaign website made use of the Expression Engine CMS, a commercial CMS with few known vulnerabilities. The site used Cloudflare as a content delivery network (CDN). Since the site was protected by Cloudflare, the attackers would not have been able to access the site via FTP or SSH unless they knew the Origin IP, that is, the IP of the server hosting the site,” noted Mark Maunder of Wordfence.
Maunder’s full technical analysis is available in the company’s blog post.
At the time of publishing this article, the campaign site had been restored and the content left by the hackers had been removed. Nevertheless, this is not the first time that Trump’s campaign website has come under cyber attack. In 2016, the website suffered a series of DDoS attacks that forced it offline for hours.