Qasioun
The hackers uploaded the files on the MEGA file hosting service, which when decompressed yielded over 43 GB of data. The announcement was also accompanied by a PasteBin, which included the password file from a breached Linux server belonging to the Syrian National Agency for Network Services, the country's regulatory commission for IT services.
Analysts from Risk Based Security (RBS) analyzed the data dump, which they say contained 38,768 folders with 274,477 files from 55 different website domains, belonging to both national agencies and private companies.
Of the 55 domains, 25 were regime websites (.gov.sy), two .org.sy domains, one .com.sy, and the rest were regular .sy domains.
"The first pass at reviewing the data sparked a sense of some more deja vu, as many of the files appeared to include domains from previous, smaller defacements and leaks," RBS wrote in a blog post on Friday. "Further analysis confirmed our initial suspicions."
A closer look at the stolen files revealed that most of them were generic Plesk (Web hosting panel) files, or from Joomla and Cportal (PHP-Nuke-based portal) installations.
It is worth mentioning that both Cportal and PHP-Nuke, its underlying technology, are extremely outdated, haven't received any recent updates, and are known for having security vulnerabilities. This confirms that the data may be from older hacks, when Cportal was still a popular CMS platforms, especially in the government sector.
In statements made on Twitter, the Cyber Justice Team took a stance against ISIS and the Assad regime, calling them both "killers of the Syrian people."
