14 DAY TRIAL // Bozkurtlar (translated as the Grey Wolves), one of Turkey's national extremist movements, has claimed responsibility for the Qatar National Bank (QNB) data breach that exposed 2GB of data containing customer information and internal documents.
The group took responsibility through a series of videos shared on social media. FinTech security researcher Omar Benbouazza found the videos online.
Hackers used SQLi attack against QNB's Oracle database
The researcher also claims that the group's hackers used an SQL injection flaw against the bank's Oracle database used for the bank's backend, which was running outdated and vulnerable software such as Servlet 2.4, JSP and Tomcat 4.2.3.
The SQL injection flaw allowed hackers to take control over the server and install a webshell which they used to exfiltrate data.
As soon as the hackers dumped the bank's database online, they also uploaded videos through which they took responsibility for the hack, mainly on Twitter and YouTube. The hackers used the @bozkurthackers and @ulkuocaklar1923 Twitter accounts to spread their claims.
Many of the videos were taken down, so it took some time for the news to come to the surface. Bozkurtlar did not say "why" it carried out the attack.
Hackers claimed they hacked another bank
In a statement on its website, the bank acknowledged the incident and said the data dumped online is authentic. QNB is one of the Middle East's biggest banks.
At one point during last week, the hacked data popped up online as a service that allowed users to check if their details were part of the leaked data. The service has now shut down after legal threats from QNB.
In an interview with Gulf News, Mohammad Amin Hasbini, senior security researcher, global research and analysis team at Kaspersky Lab Middle East, Turkey and Africa, said the hackers announced a new data breach which they intend to dump online in the following days.
According to Hasbini, this new hack contains data from another major bank, and the stolen files date back to 2011.