‘Confidentiality and integrity of affected websites and data are at risk’
PETALING JAYA: The National Cyber Security Agency (Nacsa) says that several government websites, including those of the Health Ministry (MOH), Malaysia Co-operative Societies Commission, Handicraft Development Corporation, and Women’s Development Department, have been hacked.
In an advisory published on Friday via the National Cyber Coordination and Command Centre (NC4) website, a loophole in a content editing extension in the Joomla content management system (CMS) had allowed the websites to be compromised.
“The hack is believed to be due to the vulnerabilities mentioned in the advisory. MOH has been informed and is taking the necessary mitigation actions,” said a Nacsa spokesperson in a statement to The Star.
The advisory further states that the vulnerability allows for a remote attacker to create rogue CMS editor profiles to “upload and execute arbitrary PHP code, resulting in full pre-authentication remote code execution (RCE) on the affected web server”.
This allows attackers to establish persistent backdoor access to the website, with “code execution ability potentially leading to data theft, defacement, lateral movement and complete takeover of the hosting environment”.
This means that the confidentiality, integrity and availability of the affected websites and the data that they possess are at risk.
“Malaysian NCII (National Critical Information Infrastructure) entities affected by this advisory are advised to report indicators or incidents to NC4 as per required under Act 854 for national coordination and intelligence sharing,” the advisory states.
The agency further urges any website using the Joomla Content Editor to update to version 2.9.99.6, or at least 2.9.99.5.
It states that for those unable to meet system requirements for those versions, there are free patches available from the software provider, while advising owners to undertake various mitigation efforts.
MOH’s website appeared to have been hacked by a group calling themselves Mushr00w.
In a statement, MOH said preliminary findings indicated the access disruption was believed to have stemmed from a cybersecurity incident, which it is investigating while system recovery efforts are underway simultaneously to restore the portal.
“The ministry views this incident seriously and is working closely with relevant agencies to strengthen the security of its systems and prevent similar incidents from recurring,” it said.
MOH also advised the public to obtain official information through its verified social media accounts and other official communication platforms while the portal remains inaccessible.
It also apologised for the inconvenience caused and expressed appreciation for the public’s patience, though checks showed that the website – moh.gov.my – was back in action as of yesterday afternoon.
