Attack on San Francisco Airport Linked to Russian Hackers (Security News, April 2020)

The recently disclosed attack on two websites belonging to the San Francisco International Airport is the work of Russian hackers, ESET claims.
In March, two SFO websites were found to have been compromised by hackers and injected with code designed to steal visitors' Windows login credentials.
ESET's security researchers took to Twitter to point out that the attack targeted Windows credentials and should not be linked to Magecart stealers.
"Contrary to what several people reported, #ESETresearch assesses that this attack has no link with any Magecart credential stealer. The targeted information was NOT the visitor's credentials to the compromised websites, but rather the visitor's own Windows credentials," ESET noted.
"The recently reported breach of #SFO airport websites is in line with the TTPs of an APT group known as Dragonfly/Energetic Bear. The intent was to collect Windows credentials of visitors by exploiting an SMB feature and the file:// prefix," ESET said.
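A defensive check for the technique ESET describes, as an added example that is not from ESET or the original article: it scans page markup and inline script text for references that use the file:// prefix or a UNC path naming a remote host. The function names, the attribute list and the sample markup are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "data", "poster", "background", "action"}  # assumed list
LOCAL_HOSTS = {"", "localhost", "127.0.0.1"}
FILE_URL = re.compile(r"file:[/\\]{2,}[^\s'\"<>)]+", re.I)

def remote_smb_host(value):
    """Return the remote host a file: URL or UNC path names, or None if local."""
    v = value.strip()
    host = ""
    if v.startswith("\\\\"):                          # UNC form: \\host\share\...
        host = v[2:].split("\\", 1)[0]
    elif v.lower().startswith("file:"):
        parts = urlsplit(v.replace("\\", "/"))
        host = parts.hostname or ""
        if not host and parts.path.startswith("//"):  # file:////host/share
            host = parts.path.lstrip("/").split("/", 1)[0]
    return None if host.lower() in LOCAL_HOSTS else host

class SmbRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                            # (line, context, host)
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = remote_smb_host(value) if name in URL_ATTRS and value else None
            if host:
                self.findings.append((self.getpos()[0], f"{tag}[{name}]", host))
    def handle_data(self, data):                      # inline script and page text
        for m in FILE_URL.finditer(data):
            host = remote_smb_host(m.group())
            if host:
                line = self.getpos()[0] + data.count("\n", 0, m.start())
                self.findings.append((line, "text", host))

def scan_html(html):
    finder = SmbRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample (documentation-range addresses), not taken from the incident.
SAMPLE = """<img src="file://203.0.113.7/icons/pixel.png" width="1" height="1">
<a href="file:///C:/Users/Public/readme.txt">local file</a>
<script src="//cdn.example.com/app.js"></script>
<script>var beacon = "file://198.51.100.9/a/b.gif";</script>"""

print(*scan_html(SAMPLE), sep="\n")
```

The scan covers static markup and literal strings only; a reference assembled at runtime by script will not show up, so it complements rather than replaces blocking outbound SMB (TCP 445) at the network edge.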