NHA defacement

A hacking crew that goes by the name of National Hackers Agency (NHA) has defaced 605 websites in one go after they managed to get access to a server from UK hosting firm DomainMonster.

The attacks, brought to Bleeping Computer's attention by a member of another hacking crew, took place on Tuesday, February 21, and were all cached via Zone-H, a service that archives defaced websites.

All defaced websites were hosted on the IP address, registered to Mesh Digital, the legal name of DomainMonster.com, a company that provides domain registration, website building, and website hosting services.

Company acknowledged hacks

The defaced websites remained online for at least a day before they were taken down. Angry customers took to Twitter, as usual [1, 2, 3].


On Twitter, the company acknowledged the attacks but gave few details about what happened. No official statement was published on its site, or at least none that we could find. All the websites we checked from the defaced list are now up and running.

At the time of writing, no new defacement hosted on the same server has been registered via Zone-H, meaning DomainMonster either plugged the hole, or NHA has yet to launch another attack.

Website data most likely compromised

It is unknown what kind of access the hackers gained, but since they jumped across different customer accounts, they most likely achieved access to the underlying server. Data hosted on those servers should be considered compromised, and most likely stolen, since many defacers steal and sell data on underground markets.

All defaced websites linked to NHA's Facebook page. On Friday, the page was down, most likely following a user report. NHA continued their defacements in the following days, with new attacks, this time on Russian domains. Bleeping Computer's request for comment was not returned before the Facebook page was taken down.

NHA has three members: Benjamin, GeneralEG, and R3d HaXoR. Benjamin claimed the attacks on DomainMonster, as his name was plastered atop the defacement message.

Many security experts say that website defacements are just like "digital graffiti." Usually, these attacks happen one site at a time, but sometimes one group manages to find and exploit a serious security hole.

During the past month, multiple hacking crews have used a security flaw in the WordPress CMS to deface over 1.5 million web pages, and even escalate their access enough to install backdoors and take over servers.
