
Russian state hackers behind San Francisco airport hack

April 14, 2020

Hackers believed to be operating on behalf of the Russian government have hacked two websites operated by the San Francisco International Airport, cyber-security firm ESET said today.

The hacks took place last month, in March, according to a data breach notification [PDF] posted on the airport’s website.

The attacks targeted SFOConnect.com, a website used by airport employees, and SFOConstruction.com, a portal used by airport construction contractors.

According to San Francisco airport officials, hackers breached both websites and planted code that exploited an Internet Explorer bug to steal login credentials.

But in a series of tweets today, ESET said that “the targeted information was NOT the visitor’s credentials to the compromised websites, but rather the visitor’s own Windows credentials.”

“The intent was to collect Windows credentials (username/NTLM hash) of visitors by exploiting an SMB feature and the file:// prefix,” the ESET research team said.

NTLM hashes can be cracked to obtain a cleartext version of a user’s Windows password. If the hackers had access to the airport’s internal network, they could have used credentials obtained from airport employees to spread laterally through the airport’s internal network to conduct reconnaissance, data theft, or sabotage.
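The credential theft ESET describes depends on a visitor's Windows machine opening an SMB connection to a server outside its own network, so outbound SMB to non-internal addresses is a signal defenders can look for. The following check is an added example, not code from the article or from ESET; the flow-log format, host names and addresses are constructed, and treating RFC 1918 space as "internal" is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not data from the incident):
# timestamp, source host, destination IP, destination port, protocol
SAMPLE_FLOWS = """\
2024-01-15T09:14:02Z ws-0412 10.20.1.15 445 tcp
2024-01-15T09:14:07Z ws-0412 203.0.113.25 445 tcp
2024-01-15T09:15:31Z ws-0377 198.51.100.8 443 tcp
2024-01-15T09:16:40Z ws-0377 203.0.113.25 139 tcp
2024-01-15T09:17:12Z ws-0190 192.168.4.2 445 tcp
malformed line
"""

SMB_PORTS = {139, 445}  # NetBIOS session service, SMB over TCP
# Assumption: internal means RFC 1918 space; listed explicitly so the
# documentation addresses used in the sample count as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_flow(line):
    """Return (host, dst_ip, dst_port, proto), or None if unparseable."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, host, dst, port, proto = parts
    try:
        return host, ipaddress.ip_address(dst), int(port), proto.lower()
    except ValueError:
        return None

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def external_smb(flows_text):
    """Map each source host to the external IPs it reached over SMB."""
    hits = defaultdict(set)
    for line in flows_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        host, dst, port, proto = flow
        if proto == "tcp" and port in SMB_PORTS and not is_internal(dst):
            hits[host].add(str(dst))
    return {host: sorted(ips) for host, ips in hits.items()}

if __name__ == "__main__":
    for host, ips in sorted(external_smb(SAMPLE_FLOWS).items()):
        print(f"{host}: outbound SMB to {', '.join(ips)}")
```

Hosts flagged this way are candidates for a password reset, and blocking SMB at the network egress removes the path the hashes travel over.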

ESET links hack to Energetic Bear

ESET said the attack was carried out by a threat actor known as Energetic Bear (also known as DragonFly). The group has been active since 2010 and is believed to be operating on behalf of the Russian government.

The group is one of Russia’s most active state-sponsored entities. Over the past decade, Energetic Bear hackers have been behind a widespread hacking campaign that targeted organizations all over the world.

The group’s primary targets have been organizations in the energy sector — hence its name of Energetic Bear — primarily those located in the Middle East, Turkey, and the US.

However, Energetic Bear has also recently begun targeting other types of organizations, including companies in the aerospace and aviation sectors, according to a report published by Kaspersky in April 2018 and an alert sent at the time by the US Department of Homeland Security.

In fact, the same Kaspersky report details a series of watering hole attacks carried out by Energetic Bear that used the same “file:// prefix” trick to obtain NTLM hashes from users visiting a compromised website.

The recently reported breach of #SFO airport websites is in line with the TTPs of an APT group known as Dragonfly/Energetic Bear. The intent was to collect Windows credentials (username/NTLM hash) of visitors by exploiting an SMB feature and the file:// prefix #ESETresearch 1/2 pic.twitter.com/pDZMdb49lb

— ESET research (@ESETresearch) April 14, 2020

“This technique has been used for years by Energetic Bear/DragonFly,” Matthieu Faou, malware researcher at ESET, told ZDNet in an interview today.

We also asked Faou to expand on the company’s tweets and inquired if this hack is part of a new campaign aimed at the US aviation sector.

“We don’t have any information about the compromise of another airport website,” Faou told us. “According to ESET telemetry, the other websites that were recently compromised are mainly media websites in Eastern Europe.”

San Francisco airport reset all employee passwords

Faou said that when they detected the technique being used in the wild again, they “reported it immediately to the SFO airport team” who “quickly removed the malicious piece of code from their website.”

Airport officials then followed through by forcing password resets for “all SFO related email and network passwords on Monday, March 23, 2020.”

The password reset is enough to prevent hackers from using the stolen NTLM hashes for any future intrusions.

However, the two websites were also used by other users who were not airport employees. Through its public security breach announcement, the San Francisco airport is now urging users who recently visited the site to take similar actions and reset their Windows passwords.


Credit: Zdnet
