SecurityWeek

Claims of Plone Zero-Day and FBI Hack Likely False

Claims that the FBI’s website has been hacked using a zero-day vulnerability in Plone are false, according to the developers of the open source content management system (CMS).

On January 1, an individual using the online moniker CyberZeist (aka le4ky) leaked roughly 150 fbi.gov email addresses and what appeared to be SHA-1 password hashes and their associated salts. CyberZeist claimed to have obtained the information after exploiting a Plone zero-day flaw that has allegedly been sold on a dark net website.

Plone developers have analyzed the screenshots and information made available by CyberZeist and determined that it’s likely just a “hoax.”

Plone is considered a highly secure CMS and the fact that it has been used by the FBI and various other U.S. government organizations is not a secret. However, that may be the only truth in the post published on Pastebin by CyberZeist, who claimed to have carried out the attack on behalf of the Anonymous hacktivist movement.

The developers of Plone said some of the screenshots have been faked, while others simply don’t back the hacker’s claims. Furthermore, the leaked email addresses show up in several older leaks, and the password hashes and salts are not consistent with ones generated by Plone. The credentials were allegedly obtained from .bck backup files, but this extension is not used by the Plone backup system.

“It is extremely easy to fake a hack like this. It takes only rudimentary Photoshop skills or use of the Chrome JavaScript developer console,” said Nathan Van Gheem of the Plone security team.

Plone also pointed out that the so-called zero-day exploit is up for sale for 8 bitcoins ($9,000), but since it’s not possible to obtain refunds on such transactions, experts believe it’s likely a scam.

“We don’t believe the FBI is his target; it is more likely that he is using this high profile site as a way of advertising fake exploits for sale,” Plone representatives said. “There is no reason to believe that his claims are genuine and we remind all website administrators to be wary of social media users claiming to have bugs for sale.”

CyberZeist has claimed to have found vulnerabilities in the websites of several major organizations in the past months, but he hasn’t provided any solid proof to back his claims. Furthermore, he has been known to fake data leaks.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
