- Feb 4, 2016
A Russian-speaking black hat hacker has breached the systems of more than 60 universities and U.S. government agencies, according to threat intelligence firm Recorded Future.
The hacker, tracked by the company as “Rasputin,” typically exploits SQL injection vulnerabilities to gain access to sensitive information that he can sell on cybercrime marketplaces.
Rasputin is the hacker who last year breached the systems of the U.S. Election Assistance Commission (EAC) and attempted to sell more than 100 access credentials, including ones providing administrator privileges. Researchers found evidence that he had been negotiating with a potential buyer representing a Middle Eastern government.
Recorded Future has been monitoring the hacker’s activities and identified many of his victims, including over two dozen universities in the United States, ten universities in the United Kingdom, and many U.S. government agencies.
The list of targeted government agencies includes local, state and federal organizations. The targeted federal agencies are the Postal Regulatory Commission, the Department of Housing and Urban Development, the Health Resources and Services Administration, and the National Oceanic and Atmospheric Administration.
“Financial profits motivate actors like Rasputin, who have technical skills to create their own tools to outperform the competition in both identifying and exploiting vulnerable databases,” said Levi Gundert, VP of intelligence and strategy at Recorded Future.
Experts believe Rasputin picks his targets based on their perceived investment in security controls and the potential value of the stolen data. The personal information stored in the targeted organizations’ databases can be highly valuable, particularly if the data is associated with users in North America and Western Europe.