Cyber Incident Victim: Fosshub
Date: Aug 2016
Location: United States of America
Summary
A hacking group known as PeggleCrew compromised a software distribution platform by exploiting an unauthenticated network service, gaining access to FTP credentials and email systems. The attackers replaced legitimate installers for applications like Audacity and Classic Shell with malicious payloads designed to hijack the Master Boot Record, causing affected systems to display a prank message upon reboot while allowing recovery. The platform's administrators subsequently took the site offline to mitigate the incident. This breach followed prior social media account takeovers attributed to the same group.
Description
On or around August 1, 2016, the hacking group PeggleCrew compromised the Fosshub software distribution platform by exploiting an unauthenticated network service. This breach provided unauthorized access to Fosshub's infrastructure, including FTP credentials and Google Apps-hosted email accounts. The attackers altered legitimate software installers hosted on the site, specifically targeting downloads for Audacity and Classic Shell applications. They embedded malicious code within these installers designed to overwrite the Master Boot Record (MBR) of affected systems. When users executed the compromised installers and subsequently rebooted their devices, the malware activated and displayed a prank message. While the MBR modification disrupted normal system operation, the effects were reversible without permanent data destruction. Fosshub administrators became aware of the compromise and temporarily took the entire website offline to contain the incident and prevent further malware distribution.

The incident represented an escalation in PeggleCrew's activities, as the group had previously gained attention for hijacking high-profile Twitter accounts belonging to musician Ringo Starr and the National Football League (NFL). By targeting a software distribution platform rather than individual social media accounts, the attackers expanded their impact to potentially affect thousands of downloaders seeking legitimate open-source tools. The compromise lasted until Fosshub's administrators detected the breach and suspended service. No evidence suggested persistent data theft or espionage objectives beyond the MBR hijacking prank. The temporary website takedown disrupted Fosshub's operations but allowed remediation efforts to remove the malicious payloads and restore legitimate software offerings.
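A defender-side check for the installer swap described above: record an out-of-band baseline of SHA-256 hashes for every hosted installer at release time, then periodically compare the files the host actually serves against it, so an FTP-level overwrite of a download shows up as a modified file. This is an added example, not Fosshub's own tooling; the file names and contents are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large installers are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every hosted file to its hash. Store the result off the web host (e.g. in the release pipeline)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, baseline: dict) -> dict:
    """Compare the files currently served against the release-time baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "unexpected": sorted(n for n in current if n not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: two installers are published, then one is overwritten after the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "audacity-setup.exe").write_bytes(b"legitimate audacity installer (constructed)")
        (root / "classic-shell-setup.exe").write_bytes(b"legitimate classic shell installer (constructed)")
        baseline = build_baseline(root)
        # Simulated tampering: someone with FTP access replaces a hosted installer and drops a new file.
        (root / "audacity-setup.exe").write_bytes(b"replaced installer body (constructed)")
        (root / "extra.exe").write_bytes(b"file that belongs to no release (constructed)")
        return audit(root, baseline)


if __name__ == "__main__":
    print(demo())
```

Any non-empty "modified" or "unexpected" list should page an operator and suspend the affected downloads until the release pipeline re-publishes them.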
