
San Francisco Airport Data Breach Pinned on Russian Hackers

2020-04-15 by Max

Data Breach of Two San Francisco International Airport (SFO) Websites Linked to Russian Hackers

Last month, two websites belonging to San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com, were hacked. According to cyber security researchers at ESET, the San Francisco airport data breach is now being pinned on hackers who are believed to be working for the Russian government.

A data breach notice posted on both websites states that the attackers “inserted malicious computer code on these websites to steal some users’ login credentials.” The malware has been removed from both sites. SFO Airport officials forced a reset of all airport email account and network passwords. Anyone who has accessed either website should change their username and password.

ESET says a Russian Advanced Persistent Threat (APT) group known as Energetic Bear and Crouching Yeti is behind the hack of two of the airport’s websites. One of the breached websites, SFOConnect.com, is used by airport employees. The second website attacked, SFOConstruction.com, is a web portal used by SFO airport construction contractors. Both websites were compromised when hackers deployed malware to steal login credentials from website visitors. According to the airport's notice, the goal of the attack was to steal website login credentials. According to ESET, however, the goal was to steal Windows login credentials from website visitors.

“The intent was to collect Windows credentials (username/NTLM hash) of visitors by exploiting an SMB feature and the file:// prefix,” the ESET research team said.
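A defensive check for the technique ESET describes, as an added example that is not from the article or from ESET: it scans a page's HTML for resource references that use the file:// prefix or a UNC path naming a remote host, which a Windows client may try to fetch over SMB. The sample page, its hosts, and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose value the browser may fetch or navigate to.
URL_ATTRS = {"src", "href", "data", "poster", "action", "background"}

def remote_smb_host(value):
    """Return the remote host named by a file:// URL or UNC path, else None."""
    v = value.strip()
    if v.startswith("\\\\"):  # raw UNC path: \\host\share\file
        return v[2:].replace("\\", "/").split("/")[0] or None
    try:
        parts = urlsplit(v.replace("\\", "/"))
    except ValueError:  # malformed URL, nothing to resolve
        return None
    if parts.scheme != "file":
        return None
    host = parts.netloc
    if not host and parts.path.startswith("//"):  # file:////host/share form
        host = parts.path.lstrip("/").split("/")[0]
    return host if host and host.lower() != "localhost" else None

class SmbRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            host = remote_smb_host(value) if name in URL_ATTRS and value else None
            if host:
                self.findings.append((self.getpos()[0], tag, name, host))

def find_smb_references(html):
    """Return (line, tag, attribute, host) for each remote file reference."""
    finder = SmbRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; hosts use documentation address ranges and domains.
SAMPLE_PAGE = """<html><body>
<img src="/static/logo.png">
<img src="file://198.51.100.7/share/pixel.png" width="1" height="1">
<a href="file:///C:/docs/readme.txt">local file</a>
<script src="//cdn.example.org/app.js"></script>
<link rel="stylesheet" href="file:////files.example.net/s/site.css">
</body></html>"""

if __name__ == "__main__":
    for finding in find_smb_references(SAMPLE_PAGE):
        print(finding)
```

A static scan like this only sees references present in the served markup; references created at runtime by injected script need a rendered-DOM or network-level check, such as alerting on outbound SMB connections from workstations.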

The data breach is believed to be the work of a state-sponsored hacking group called Energetic Bear which works at the behest of the Russian government. There is no connection to Magecart malware used to steal credentials from ecommerce websites.

DHS and FBI Alert on Russian Hackers

In 2018, the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a joint technical alert warning of cyberthreats from Energetic Bear. The cyberattacks have targeted U.S. Government entities as well as critical infrastructure organizations in the energy, nuclear, commercial facilities, water, aviation, and manufacturing sectors since at least 2016. The hackers focus primarily on organizations in the Middle East, Turkey, and the United States. The alert reports that the hackers use malware and spear phishing emails to obtain remote access into IT networks. After gaining access, the hackers conducted network reconnaissance, gathered credentials, moved laterally through networks, and collected data on Industrial Control Systems (ICS).

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

