‘Rasputin’ Hacker Targets 60 Universities, Government Agencies

Image Credit: Recorded Future.

More than 60 universities and government agencies in the United States and the United Kingdom have been attacked by a well-known international hacker. Dubbed “Rasputin,” the Russian-speaking “notorious financially-motivated cyber criminal [who] continues to locate and exploit vulnerable web applications via a proprietary SQL injection tool” is behind the latest round of attacks, according to intelligence firm Recorded Future.

Commonly used SQL injection (SQLi) scanners including Havij, Ashiyane SQL Scanner, SQL Exploiter Pro, SQLI Hunter and countless others are used to automate the identification and exploitation of vulnerable websites and associated databases, the firm explained in a blog post. Over the last few months, Rasputin was able to breach databases at prominent universities, as well as federal, state and local governments using an SQLi tool that he developed himself.

“Financial profits motivate actors like Rasputin, who have technical skills to create their own tools to outperform the competition in both identifying and exploiting vulnerable databases,” Recorded Future wrote. “North American and Western European databases contain information on customers or users that are historically valued at a premium in the underground economy. Buyer demand typically centers on access to American, Canadian or U.K. database access.”

Recorded Future first discovered criminal activity targeting government organizations back in December. On Dec. 28, Recorded Future contacted the Federal Bureau of Investigation and the Department of Homeland Security. But SQLi attacks are nothing new, according to the firm, and have been around for more than 15 years since databases first appeared on the internet. Large organizations often fall prey to SQLi which is preventable, the firm wrote, with coding best practices. “Until organizations have an incentive (carrots or sticks) to properly audit internal and vendor code before production use, this problem will continue into the foreseeable future.”

The U.S. universities that were attacked are:

To see the complete list of affected universities and governments, visit the Recorded Future site here.

About the Author

Sri Ravipati is Web producer for THE Journal and Campus Technology. She can be reached at [email protected].

Featured

  • SXSW EDU

    Explore the Future of AI in Higher Ed at SXSW EDU 2025

    This March 3-6 in Austin, TX, the SXSW EDU Conference & Festival celebrates its 15th year of exploring education's most critical issues and providing a forum for creativity, innovation, and expression.

  • man working on laptop outdoors

    Digital Leadership Must-Haves for 2025: A CDO's Picks

    Now that he's more than a year and a half into his chief digital officer role at NJIT, we've asked Ed Wozencroft to reflect on his areas of concentration: What work must digital leaders "own" in 2025?

  • From Fire TV to Signage Stick: University of Utah's Digital Signage Evolution

    Jake Sorensen, who oversees sponsorship and advertising and Student Media in Auxiliary Business Development at the University of Utah, has navigated the digital signage landscape for nearly 15 years. He was managing hundreds of devices on campus that were incompatible with digital signage requirements and needed a solution that was reliable and lowered labor costs. The Amazon Signage Stick, specifically engineered for digital signage applications, gave him the stability and design functionality the University of Utah needed, along with the assurance of long-term support.

  • digital artwork of glowing, interconnected neural-like shapes on a gradient background of deep blue and vibrant purple

    Google Announces Upgrade to Flagship Gemini AI Platform, Enhancing Multimodal Capabilities

    Google has launched Gemini 2.0, designed to empower enterprise users and developers with advanced multimodal capabilities and enhanced performance.