
SQL vulnerability scanner “Katyusha” operable via Telegram app


A popular new hacking tool recently introduced in an underground forum allows potential adversaries to perform scans for SQL vulnerabilities across many targets simultaneously, while being controlled via smartphone devices using the Telegram messaging application.

Recorded Future's Insikt Group threat intelligence division has uncovered the tool, identified as the Katyusha Scanner. The moniker, which references a World War II-era Soviet rocket launcher, seems appropriate, and not just because the individual who's been marketing the tool on the forum since April 8 is Russian-speaking.

"Similar to the very lethal weapon conceived 70 years ago, Katyusha Scanner allows criminals to initiate large-scale penetration attacks against a massive number of targeted websites with several clicks using their smartphones," Recorded Future wrote in a blog post on Tuesday.

Controllable via a standard web interface in addition to Telegram, the tool also borrows the functionality of Anarchi Scanner, an open-source penetration testing tool, notes the Insikt Group, adding that the tool has been lavished with praise from users due to its apparently superior interface, performance and customer service.

Currently on version 0.8, Katyusha is being sold for $500, with a light version available since May 10 that is half that price. Users can also rent the tool for $200. The pro version not only identifies vulnerable websites, but is also capable of "establishing a strong foothold within vulnerable web servers" and automatically extracting privileged information such as login credentials, the blog post states. The tool also provides users with vulnerable targets' Alexa web ratings, helping them identify sites that are more popular and thus likely more profitable to victimize with SQL injection attacks.

"The availability of a highly robust and inexpensive tool such as Katyusha Scanner to online criminals with limited technical skills will only intensify the compromised data problem experienced by various businesses, highlighting the importance of regular infrastructure security audits," Recorded Future wrote.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts and video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
