The recently disclosed attack aimed at two websites pertaining to the San Francisco International Airport is the work of Russian hackers, ESET claims.
In March, two SFO websites were found to have been compromised by hackers and injected with code designed to steal visitors' Windows login credentials.
ESET's security researchers took to Twitter to point out that the attack targeted Windows credentials and should not be linked to Magecart stealers.
"Contrary to what several people reported, #ESETresearch assesses that this attack has no link with any Magecart credential stealer. The targeted information was NOT the visitor's credentials to the compromised websites, but rather the visitor's own Windows credentials," ESET noted.
"The recently reported breach of #SFO airport websites is in line with the TTPs of an APT group known as Dragonfly/Energetic Bear. The intent was to collect Windows credentials of visitors by exploiting an SMB feature and the file:// prefix," ESET said.
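The quote above names the file:// prefix and SMB as the collection mechanism. As an added example (not code from the article or from ESET), this Python check scans a page's static markup for URL attributes that reference a remote file:// or UNC path, which is the kind of reference that makes a Windows client open an SMB connection to another host. The attribute list, function names and sample HTML are constructed for illustration, and references built at runtime by script are out of scope.

```python
# Added example: flag static markup that points at a remote SMB path.
from html.parser import HTMLParser

# Assumed set of URL-bearing attributes to inspect (illustrative, not exhaustive).
URL_ATTRS = {"src", "href", "data", "action", "poster", "background"}

def remote_smb_host(value):
    """Return the remote host a file:// or UNC reference points at, else None."""
    v = value.strip()
    if v.startswith("\\\\"):                       # UNC form: \\host\share\...
        return v[2:].replace("\\", "/").split("/", 1)[0] or None
    if not v.lower().startswith("file:"):
        return None                                # http(s), relative and //cdn URLs
    rest = v[5:].replace("\\", "/")
    path = rest.lstrip("/")
    slashes = len(rest) - len(path)
    host = path.split("/", 1)[0]
    if slashes < 2 or slashes == 3:                # file:/x and file:///C:/x are local
        return None
    if host.lower() in ("", "localhost") or host.endswith(":"):
        return None                                # no host, loopback, or drive letter
    return host

class SmbRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                         # (line, tag, attribute, host)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = remote_smb_host(value) if name in URL_ATTRS and value else None
            if host:
                self.findings.append((self.getpos()[0], tag, name, host))

def find_smb_references(html):
    finder = SmbRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts use documentation-reserved names and addresses.
SAMPLE = """<html><body>
<img src="/images/logo.png">
<script src="//cdn.example.com/app.js"></script>
<img src="file://203.0.113.10/icon.png" width="1" height="1">
<a href="file:///C:/Users/Public/readme.txt">local</a>
<iframe src="\\\\files.example.net\\share\\a.html"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, attr, host in find_smb_references(SAMPLE):
        print(f"line {line}: <{tag} {attr}> references remote host {host}")
```

Run against the HTML a site actually serves, this kind of check fits into a periodic integrity scan alongside file-hash monitoring.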