The Department for Environment, Food & Rural Affairs (DEFRA) website in the U.K. fell victim to a redirect attack in which the cybercriminals used an open redirect to send visitors to fake OnlyFans pages.
Threat actors exploited an open redirect that appeared to be a valid UK government URL but instead routed visitors to the bogus OnlyFans dating site.
The website widely used services that offer users access to adult content for a subscription so they could steal users’ personal information.
TPRM report: https://scoringcyber.rankiteo.com/company/defra
"id": "dep225811123",
"linkid": "defra",
"type": "Cyber Attack",
"date": "01/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Government',
'location': 'U.K.',
'name': 'Department for Environment, Food & Rural '
'Affairs (DEFRA)',
'type': 'Government'}],
'attack_vector': 'Open Redirect',
'data_breach': {'type_of_data_compromised': 'Personal Information'},
'description': 'The Department for Environment, Food & Rural Affairs (DEFRA) '
'website in the U.K. fell victim to a redirect attack in which '
'the cybercriminals used an open redirect to send visitors to '
'fake OnlyFans pages.',
'impact': {'data_compromised': ['Personal Information'],
'systems_affected': ['DEFRA Website']},
'initial_access_broker': {'entry_point': 'Open Redirect'},
'motivation': 'Theft of personal information',
'post_incident_analysis': {'root_causes': 'Open Redirect Vulnerability'},
'title': 'DEFRA Website Redirect Attack',
'type': 'Redirect Attack',
'vulnerability_exploited': 'Open Redirect'}