A notorious Russian hacker dubbed Rasputin is believed to have hacked over 60 global organisations, including US government agencies and international universities. Security researchers believe that Rasputin "continues to locate and exploit vulnerable web applications via a proprietary SQL injection (SQLi) tool."
Among those targeted were organisations such as Cornell University, New York University, University of Washington, University of Oxford, University of Cambridge, US National Oceanic and Atmospheric Administration and US Department of Housing and Urban Development. The Russian cybercriminal is also believed to have hacked the US EAC (Election Assistance Commission) in November 2016.
According to researchers at Recorded Future, "These are intentional targets of choice based on the organization's perceived investment in security controls and the respective compromised data value. Additionally, these databases are likely to contain significant quantities of users and potentially associated personally identifiable information (PII)."
Rasputin is allegedly using a self-developed tool to search targeted websites for potential SQL injection flaws. However, the hacker is not actively exploiting his victims. Recorded Future VP of intelligence and strategy Levi Gundert said, "[Instead] he is selling the access so that other criminals can exploit the access for their own respective monetization strategies," Dark Reading reported.
Recorded Future claimed that Rasputin attempted to sell at least one unpatched flaw to a buyer allegedly representing a Middle Eastern government. The hacker's latest victims indicate that he may be targeting organisations that do not pay attention to SQL injection flaws. Gundert said, "I think what you see in these attacks, is industry vertical-targeting where there may be less resources for monitoring or prevention via code auditing.
"These attacks are easy to perform, but potentially expensive to proactively remediate because code rewriting—especially in business critical applications—can be time consuming and require multiple human and technical resources."
Recorded Future suggests that in order to mitigate the damaging consequences of such cyberattacks, governments should offer tax and other incentives to firms to adopt best security practices and conduct code audits.