Security News > 2020 > April > Attack on San Francisco Airport Linked to Russian Hackers
The recently disclosed attack aimed at two websites pertaining to the San Francisco International Airport is the work of Russian hackers, ESET claims.
In March, two SFO websites were found to have been compromised by hackers and injected with code designed to steal visitors' Windows login credentials.
ESET's security researchers took it to Twitter to point out that the attack was targeting Windows credentials and that it should not be linked to Magecart stealers.
"Contrary to what several people reported, #ESETresearch assesses that this attack has no link with any Magecart credential stealer. The targeted information was NOT the visitor's credentials to the compromised websites, but rather the visitor's own Windows credentials," ESET noted.
"The recently reported breach of #SFO airport websites is in line with the TTPs of an APT group known as Dragonfly/Energetic Bear. The intent was to collect Windows credentials of visitors by exploiting an SMB feature and the file:// prefix," ESET said.
News URL
Related news
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
- Russian hackers deliver malicious RDP configuration files to thousands (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)