Yesterday, we noticed that a government website, www.mines.gov.zw, was hacked. The website belongs to the Ministry of Mines and Mining Development. It was designed and is hosted by the Government Internet Service Provider (GISP) so we sent them an email notifying them just in case they don’t know it yet.
The website was defaced. Along the website’s legitimate text and links appears the words “Hacked By muStireiS”. We have highlighted the text in red in the image below.
Besides the defacement, its not clear (and it’s unlikely) there’s any other damage done. As for how it happened; it could be someone just taking advantage of unpatched known vulnerabilities in the content management system. It could also be the bad old practice of leaving default passwords unchanged. We’ll try to get comment from GISP on the matter.