According to my investigations, this hack came from outside the internal network, and there was no penetration into the internal network.
The intrusion was on the website of this power plant, and the information was extracted from the database and the shared hosting, hosted on the servers of the D Telecom company and belonging to this power plant.
The website of this power station does not use a public, well-known CMS; it is written in ASP.NET and is exclusive to the D Telecom company. Apparently it uses Homa Portal version v1.13.0. It does not use a known CDN, and with a simple whois lookup you can extract the real IP and the real address of the server and see that it is hosted on the servers of the D Telecom company. It uses the SmarterMail mail server and leaks information into search engines.
Considering that the video shared by the hacker group is from the phpMyAdmin environment, apparently the intrusion was done through one of the modules of this website that belongs to Homa Portal.
A company called D Telecom designed this portal, and its customers are not limited to Shazand Power Plant; among them can be mentioned the Information Technology Organization, Iran National Gas Company, Research Center of the Islamic Council, Ministry of Sports and Youth, Organization of Records and National Library of the Islamic Republic of Iran, National Productivity Organization of Iran, National Land and Housing Organization, Gas Company of Qazvin Province, Ministry of Energy, Gilan Regional Electric Joint Stock Company, Auditing Organization, Electric Power Distribution Company of Gilan Province, Tehran Regional Water Joint Stock Company, Fars Regional Water Joint Stock Company, Astan Moghadis Hazrat Abdul Azim, Social Security Audit Institute, Sistan and Baluchistan Power Plant Power Generation Management Company, Iran Commodity Exchange, Tehran Municipality, Isfahan Municipality, Fuel Consumption Optimization Company, Mofid Pharmaceutical Company, and Iranol Oil Company. And this can be as dangerous as Chargun’s story!!
#shazand #شازند
//H4shur
