Hacker Breaches Over 60 Universities and Other institutions

A financially motivated hacker known as ‘Rasputin’ has reportedly breached and stolen data from over 60 prominent universities in the UK and the US.

Threat ID:: CC-1197
Category:
Threat Severity:: Medium
Threat Vector:
Published:: 23 February 2017 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A financially motivated hacker known as ‘Rasputin’ has reportedly breached and stolen data from over 60 prominent universities in the UK and the US.

Threat details

Rasputin has historically carried out cyber attacks on the servers of the US Election Assistance Commission (EAC) and subsequently sold access to the compromised accounts.

Since December 2016, Rasputin has carried out hacking attempts on over 60 UK and US based universities, all of which were carried out using SQL injection (SQLi) attacks. It is understood Rasputin has developed his own SQLi scanner to locate weaknesses in databases and then compromise the vulnerable targets.

Notable targets include the Universities of Oxford and Cambridge in the UK and Universities of New York, Michigan State and Washington. It is likely these targets were specifically selected for running outdated systems but holding valuable information.

It is believed that Rasputin is yet again selling access to the compromised accounts on dark web black markets.

Remediation steps

Type	Step
	Ensure SQL databases are kept up to date

Last edited: 6 September 2021 10:40 am