好的,我现在需要帮用户总结一篇文章,控制在100字以内。首先,我得仔细阅读文章内容,抓住关键信息。 文章标题是“7,500+ Magento sites defaced in global hacking campaign”,说明有7500多个Magento网站被破坏。接下来,文章提到自2月27日以来,黑客上传了文件到15000多个主机名上,主要是机会主义攻击。 然后,文章提到网络安全公司Netcraft检测到这次活动,并指出攻击者上传了明文的破坏文件。攻击者使用了一些特定的句柄,并且部分页面包含了 geopolitical 消息。攻击可能利用了Magento环境中未认证的文件上传漏洞,影响了多个版本。 被攻击的网站包括丰田、菲亚特等大品牌以及政府和学术机构。文章最后提到这次活动规模大,影响广泛,突显了广泛使用的网络平台如何成为攻击者的机会主义工具。 现在我需要将这些信息浓缩到100字以内。重点包括:7500个Magento网站被破坏,自2月27日起,上传文件到15000个主机名上,利用未认证上传漏洞,影响多个版本和高知名度品牌。 总结时要简洁明了,避免冗长。确保涵盖主要事件、影响范围和原因。 </think> 自2月27日起,黑客针对7,500余个Magento网站发起大规模破坏行动,在15,000余个主机名上上传明文破坏文件。攻击主要利用未认证文件上传漏洞,影响多个版本及高知名度品牌和政府机构。 2026-3-20 22:21:40 Author: securityaffairs.com(查看原文) 阅读量:7 收藏
7,500+ Magento sites defaced in global hacking campaign
Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks.
Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting e-commerce platforms, global brands, and government services. According to cybersecurity firm Netcraft, attackers placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure.
“Netcraft detected this campaign’s first activity on 27 February 2026, with newly compromised sites continuing to appear at the time of writing.” reads the report published by Netcraft. “Netcraft is tracking this campaign’s activity over 15,000+ hostnames (subdomains) within ~7,500 unique domains. Defacements were uploaded as plaintext files hosted directly on affected infrastructure.”
Defacement pages show handles like L4663R666H05T, Simsimi, Brokenpipe, and Typical Idiot Security, often with “greetz” lists typical of defacement culture.
Most defaced sites hosted simple txt files showing attacker handles, often with “greetz” lists. A few (under 10) contained brief geopolitical messages on 7 March 2026, not central to the campaign. Many pages were reported to Zone-H by “Typical Idiot Security,” suggesting the actor self-reports to gain notoriety.
Initial investigation indicates attackers may exploit unauthenticated file uploads in some Magento environments, affecting Open Source, Enterprise, and B2B editions. Netcraft researchers observed only text defacements. While Adobe released security bulletins, these do not appear directly linked. The campaign resembles the October 2025 SessionReaper attack, with successful test uploads on Magento Community 2.4.9-beta1, highlighting Magento’s widespread global use.
The campaign hit high-profile brands like Toyota, Fiat, Asus, Bandai, FedEx, and others, mostly on subdomains, staging, or regional sites, with some production sites briefly affected. The campaign hit Government and academic domains in Latin America and Qatar, and non-profits. Attackers also defaced several Trump Organization domains, likely as part of broad opportunistic exploitation rather than targeted attacks.
“Given the scale of the activity and the number of high-profile domains affected, this campaign highlights how widely deployed web platforms can become a force multiplier for attackers conducting opportunistic exploitation.” concludes the report.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, defacement)
如有侵权请联系:admin#unsafe.sh