U.S. Consulate in St. Petersburg hacked

Hundreds of webpages of the U.S. Consulate General in St. Petersburg, Russia, were compromised by hackers this week.

Researchers at Sophos said today that the attack resulted in 400 vandalized pages – the majority of them hosted in Russia.

Cybercriminals used malicious code, known as Mal/ObfJS-C, to compromise the site. The malware attempts to load a trojan from a remote server after exploiting several known browser vulnerabilities.

The trojan could be used to steal data, according to Sophos researchers.

Ron O'Brien, senior security analyst at Sophos, said today that he couldn't rule out the possibility that the hack specifically targeted the Consulate's server.

“My first impression is that, because [the attack] was as overt as it was, it was more vandalism than malice. Given the nature of the embedded malware and the fact that this allows you to search for documents and files, the scenario, if it were to play itself out, would be really bad,” he said. “Because of the nature of the malware, you would think that it's looking for documents and files that are of a sensitive nature.”

O'Brien said that the attack does not appear to be related to recent attacks on Western servers that have been blamed on Chinese hackers. The Chinese government has denied any role in the hackings.

Sophos' U.K.-based researcher Fraser Howard said Wednesday on the company's research blog that Mal/ObfJS-C attempts to load malicious content from two attack sites hosted in the United States. Howard said that the Consulate General was likely not exclusively attacked.

“So, to answer the question of whether the U.S. Consulate General site was specifically targeted in this attack – my answer is no, probably not,” said Howard. “The prevalence of other, much smaller sites compromised in exactly the same way, in just seven days' worth of data, suggests that the hackers just happened to have caught a big fish as they trawled for vulnerable servers,” he said on the SophosLabs blog. “It just goes to show that security is important on all machines hosting both small and large websites.”