One of the biggest retailers in France with 80 stores worldwide and a couple of multilingual websites.
The company came to HackControl with a concern that they had found some third-party links on their website, which they did not post.
Our team investigated the origin of these links and pretested the resources. After that, we conducted penetration testing and found out that the website used the popular engine WordPress, where those third-party links had been placed using a mobile redirect, which forwarded all users to the paid services and subsequently could withdraw money.
Besides, we detected that the links used the code from a popular link exchange engine. We contacted the monetization providers of paid mobile applications and talked to owners of an affiliated link exchange program. It helped us to discover the payment details that the attacker had used for payment transactions from the users of the hacked websites.
Using those payment details, we Identified the attacker. This information was conveyed to the client and later to law enforcement agencies. The results of the performed activities:
- ● fixed vulnerabilities on the site;
- ● updated all outdated software on the server;
- ● optimized website loading speed;
- ● set up Anti-DDoS protection;
- ● CDN to reduce server load connected;
- ● removed shells and backdoors (s);
- ● penetration testing not only saved clients money but with cyber investigation helped to put cybercriminals in jail.