A hacker tied to the November 2016 penetration of the US Election Assistance Commission and subsequent database sale has successfully targeted 60+ government agencies and universities by leveraging the same attack method: SQL injection. According to a report by Recorded Future, whose researchers scour the dark web for threat intelligence, the hacker uses a proprietary SQLi tool to gain access to the targets’ databases and then sells access to them to other cyber crooks. The firm has dubbed the Russian-speaking hacker “Rasputin”, and has been following his exploits for a while now.
View full story
ORIGINAL SOURCE: Help Net Security