Linux Australia revealed over the weekend that one of its servers was breached on March 22. The personal details of conference attendees might have been compromised in the incident.
The organization, which represents roughly 5,000 Australian users and developers of free and open source software, said the attack was discovered on March 24 after the source of numerous error reporting emails sent by a Conference Management (Zookeepr) hosting server was investigated.
The server in question hosted information on previous editions of the PyCon Australia and linux.conf.au conferences organized by Linux Australia.
An investigation has revealed that the malicious actor leveraged a currently unknown vulnerability to trigger a remote buffer overflow and gain root access to the server, said Joshua Hesketh, president of Linux Australia.
“A remote access tool was installed, and the server was rebooted to load this software into memory. A botnet command and control was subsequently installed and started,” Hesketh told Linux Australia members and conference attendees. “During the period the individual had access to the Zookeepr server, a number of Linux Australia’s automated backup processes ran, which included the dumping of conference databases to disk.”