A Russian-speaking black hat hacker known as Rasputin hacked the computer networks of over 60 institutions and US government entities, according to threat intelligence firm Recorded Future.
Rasputin breaches target systems using SQL injection flaws, stealing confidential data that he then sells on underground marketplaces for crimes.
Numerous US government entities, more than two dozen US universities, and ten UK universities were among the many victims of the Rasputins that Recorded Future researchers were able to identify.
The Department of Housing and Urban Development, the National Oceanic and Atmospheric Administration, the Postal Regulatory Commission, and the Health Resources and Services Administration are among the organisations on the victim list.
Source: https://securityaffairs.com/56312/hacking/russian-hacker-rasputin-attacks.html
TPRM report: https://scoringcyber.rankiteo.com/company/hrsagov
"id": "hea1313191123",
"linkid": "hrsagov",
"type": "Breach",
"date": "02/2017",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Government',
'location': 'USA',
'name': 'Department of Housing and Urban Development',
'type': 'Government Entity'},
{'industry': 'Government',
'location': 'USA',
'name': 'National Oceanic and Atmospheric '
'Administration',
'type': 'Government Entity'},
{'industry': 'Government',
'location': 'USA',
'name': 'Postal Regulatory Commission',
'type': 'Government Entity'},
{'industry': 'Government',
'location': 'USA',
'name': 'Health Resources and Services Administration',
'type': 'Government Entity'}],
'attack_vector': 'SQL Injection',
'data_breach': {'type_of_data_compromised': 'Confidential Data'},
'description': 'A Russian-speaking black hat hacker known as Rasputin hacked '
'the computer networks of over 60 institutions and US '
'government entities, according to threat intelligence firm '
'Recorded Future. Rasputin breaches target systems using SQL '
'injection flaws, stealing confidential data that he then '
'sells on underground marketplaces for crimes. Numerous US '
'government entities, more than two dozen US universities, and '
'ten UK universities were among the many victims of the '
'Rasputin that Recorded Future researchers were able to '
'identify. The Department of Housing and Urban Development, '
'the National Oceanic and Atmospheric Administration, the '
'Postal Regulatory Commission, and the Health Resources and '
'Services Administration are among the organisations on the '
'victim list.',
'impact': {'data_compromised': 'Confidential Data'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes',
'entry_point': 'SQL Injection Flaws'},
'motivation': 'Financial Gain',
'references': [{'source': 'Recorded Future'}],
'threat_actor': 'Rasputin',
'title': 'Rasputin Hacks Over 60 Institutions and US Government Entities',
'type': 'Data Breach',
'vulnerability_exploited': 'SQL Injection Flaws'}