A “Russian-speaking and notorious financially-motivated” hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.
According to the security company Recorded Future, which has been tracking the cybercriminal’s breaches, Rasputin’s most recent victims include 63 “prominent universities and federal, state, and local U.S. government agencies.” The security firm has been following Rasputin’s activity since late 2016 when the hacker reportedly breached the U.S. Electoral Assistance Commission and then sold EAC access credentials.
Recorded Future claims that Rasputin’s victims are “intentional targets of choice based on the organization’s perceived investment in security controls and the respective compromised data value. Additionally, these databases are likely to contain significant quantities of users and potentially associated personally identifiable information (PII).”
All of the hacked agencies and universities have been notified about the breaches by Recorded Future. There were 16 U.S. state government victims, 6 U.S. cities and four federal agencies. Additionally, there were two “other” .gov sites which included Fermi National Accelerator Laboratory, “America’s premier particle physics lab,” and the Child Welfare Information Gateway, which is “a service of the Children's Bureau, Administration for Children and Families, U.S. Department of Health and Human Services.”
Rasputin also hit 35 universities, 24 in the U.S., 10 in the U.K. and one in India. Recorded Future actually lists 25 U.S. universities, but a search shows that the University of Delhi is located in New Delhi, India.
The University of Delhi is also listed, but as mentioned previously, Recorded Future noted that it is in the US.
All of the attacks were carried out by SQL injection. Instead of using any of the many available SQLi scanners, Recorded Future reported that Rasputin uses an SQLi tool that he developed himself to locate and exploit vulnerable web apps. The attacks are easy to carry out, “but expensive to defend.”
As it is “easy to remediate” the problem, Recorded Future recommended a different carrot and stick incentive. “Despite the government’s penchant for employing sticks to modify behavior, perhaps it’s time to offer financial carrots to address and fully eradicate this issue.”