Russian Black hat hacks over 60 U.S. universities, Govt. agencies


 A Russian-speaking black hat hacker who goes by the alias of Rasputin has breached systems of over 60 universities and U.S. government agencies, threat intelligence firm Recorded Future says.

 According to Recorded Future, the hacker typically exploits SQl injection vulnerabilities to gain access to classified information which he then sells on cybercrime market place. The firm who has been monitoring the hacker for some time now, said that Rasputin was the man who breached the systems of the U.S. Election Assistance Commission (EAC) and was making attempt to sell over 100 access credentials to a potential buyer representing a Middle East government.

Also Read: Anonymous Hackers declares open war on Donald Trump, Dumps White House direct phone line on the web

 Recorded Firm went on to identity some of the hackers victim, many of which includes ten universities in the UK, over a 2 dozen universities in the U.S. and other U.S. government agencies. The list of targeted agencies in the U.S. includes both local, state and federal organisations. List of the Universities and organizations who suffered the breach can be found here.

  Hackers have been exploiting SQL vulnerabilities for a very long time and the availability of free tools such as SQLSentinel, SQL Scanner, SQL Exploiter Pro, SQLI Hunter, SQL Inject Me, Havij, Ashiyane and SQLmap have only given rise to much attack.

Also Read: Hacker who hacked the "Hacking Team" arrested by the police

 According to Levi Gundert, VP of intelligence and strategy at recorded Future. "Financial profits motivates actors like Rasputin, who have technical skills to create their own tools to outperform the competition in both identifying and exploiting vulnerable databases," he said referring to the tool the hacker created.

  Gundert went on to say that the problem and solution are well understood but replacing vulnerable systems are always expensive to run and often take some which gives most hackers the avenue to exploit.

No comments

Powered by Blogger.