Categories: Government

Rasputin Hacker Attack on Government Agencies and Universities

Background

In February of 2017, the magazine Computer World published the following article:

A “Russian-speaking and notorious financially-motivated” hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.

According to the security company Recorded Future, which has been tracking the cybercriminal’s breaches, Rasputin’s most recent victims include 63 “prominent universities and federal, state, and local U.S. government agencies.” The security firm has been following Rasputin’s activity since late 2016 when the hacker reportedly breached the U.S. Electoral Assistance Commission and then sold EAC access credentials.

Continue scrolling for more...

Recorded Future claims that Rasputin’s victims are “intentional targets of choice based on the organization’s perceived investment in security controls and the respective compromised data value. Additionally, these databases are likely to contain significant quantities of users and potentially associated personally identifiable information (PII).”

All of the hacked agencies and universities have been notified about the breaches by Recorded Future. There were 16 U.S. state government victims, 6 U.S. cities and four federal agencies. Additionally, there were two “other” .gov sites which included Fermi National Accelerator Laboratory, “America’s premier particle physics lab,” and the Child Welfare Information Gateway, which is “a service of the Children’s Bureau, Administration for Children and Families, U.S. Department of Health and Human Services.”

They printed a list of those that were attacked and breached:

I filed FOIA requests to the various agencies attacked, and will archive the responsive records below.

Document Archive

Postal Regulatory Commission

 Documents Released March 31, 2017 [124 Pages, 26.7MB] – It appears that although reported to have been hit by the attack, internal documents show they were clean and there were no signs of an intrusion.

 

Follow The Black Vault on Social Media:

This post was published on August 20, 2017 11:16 pm

John Greenewald

Recent Posts

NASA Cites FOIA Exemption to Withhold James Webb Briefing Content Despite Public Hearing

In September 2024, a Freedom of Information Act (FOIA) request was filed with NASA seeking…

September 3, 2025

FBI Files: Historical Figures & Groups

Background Welcome to the FBI Files on Historical Figures & Groups archive at The Black…

August 31, 2025

FOIA Emails Reveal Pentagon’s Tight Control Over AARO “Historical Record Report” Rollout and Messaging

A new release of Department of Defense (DoD) emails obtained through the Freedom of Information…

August 27, 2025

New Documents Detail Slow, Multi-Agency Vetting of “Skinwalkers at the Pentagon”

Newly released Department of Defense records reveal the prolonged and often frustrating prepublication review process…

August 12, 2025

FAA Records Add ‘Black Cube’ Sighting to Wright-Patterson AFB Drone Mystery

Newly released Federal Aviation Administration (FAA) documents obtained by The Black Vault under FOIA case…

August 11, 2025

FBI Files: Directors, Agents and Personnel of the Central Intelligence Agency (CIA)

Background The Central Intelligence Agency was created in 1947 with the signing of the National…

August 7, 2025