APT

Russian hacker Rasputin breaches over 60 Universities and Government Agencies


The Russian-speaking black hat hacker Rasputin hacked the systems of more than 60 universities and U.S. government agencies.

According to the threat intelligence firm Recorded Future, a Russian-speaking black hat hacker known as ‘Rasputin’ hacked the systems of more than 60 universities and U.S. government agencies.

Rasputin victims

We met Rasputin in December 2016, when he was offering for sale stolen login credentials for a U.S. agency that tests and certifies voting equipment, the U.S. Election Assistance Commission (EAC). Rasputin typically exploits SQL injection flaws to gain access to sensitive information that he can sell on cybercrime marketplaces.

Rasputin uses SQL injection vulnerabilities to compromise target systems and steal sensitive information, which he then offers for sale on cybercrime black markets.

Recorded Future has been following Rasputin since 2015. According to the security firm, he may also have tried to sell details about the SQL injection to a broker working on behalf of a Middle Eastern government.

Based on Rasputin’s historical criminal forum activity, the experts rule out that he is sponsored by a foreign government.

Researchers at Recorded Future identified many of Rasputin’s victims, including ten universities in the United Kingdom, over two dozen universities in the United States, and many U.S. government agencies.

The government agencies breached by the hacker include local, state and federal organizations. The list of victims includes the Postal Regulatory Commission, the Health Resources and Services Administration, the Department of Housing and Urban Development, and the National Oceanic and Atmospheric Administration.

There are plenty of free tools that can be used to find and exploit SQL injection vulnerabilities, including Havij, Ashiyane SQL Scanner, SQL Exploiter Pro, SQLI Hunter, SQL Inject Me, SQLmap and SQLSentinel. Rasputin, however, has been using a SQL injection tool that he developed himself.

Rasputin doesn’t rely on the free SQL injection scanners; instead, he has been using a SQL injection tool that he developed himself.

“Financial profits motivate actors like Rasputin, who have technical skills to create their own tools to outperform the competition in both identifying and exploiting vulnerable databases.” reads the analysis published by Recorded Future.

Experts from Recorded Future highlighted that, while awareness of SQL injection vulnerabilities is high, many organizations still lack basic secure coding practices.

Recorded Future pointed out that addressing these types of flaws can often be costly; for this reason companies tend to postpone the fixes until budget is available, and sometimes it is too late.

“SQLi vulnerabilities are simple to prevent through coding best practices. Over 15 years of high-profile data breaches have done little to prevent poorly programmed web applications and/or third-party software from being used by government, enterprises, and academia.” continues the analysis. “Some of the most publicized data breaches were the result of SQLi including large corporations like Heartland Payment Systems, HBGary Federal, Yahoo!, LinkedIn, etc.”
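The “coding best practice” the analysis refers to is parameterized queries. The following is an added example, not code from the article or from Recorded Future: it runs the same lookup against a constructed in-memory SQLite table once with string concatenation and once with bound parameters, showing why the first leaks every row on a tautology probe while the second treats the input as a plain value.

```python
import sqlite3


def build_sample_db() -> sqlite3.Connection:
    # Constructed sample data; not taken from the article.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Input is spliced into the statement text, so quotes in it become SQL syntax.
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # The statement shape is fixed; the driver binds the input purely as a value.
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo() -> dict:
    conn = build_sample_db()
    # Constructed tautology probe: the textbook check an auditor runs on a login form.
    probe = "x' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(conn, probe),        # every row comes back
        "parameterized": lookup_parameterized(conn, probe),  # no such username
        "normal": lookup_parameterized(conn, "alice"),       # legitimate lookup
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```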


Pierluigi Paganini

(Security Affairs – Rasputin, hacking)