Bleeping Computer
The hack of employee web sites belonging to the San Francisco International Airport has been attributed to a Russian hacker group who used the SMB protocol to steal Windows passwords.
Last week BleepingComputer broke the story that the San Francisco International Airport (SFO) experienced a cyberattack in March 2020 whose goal was to steal the Windows logins for employees of the airport.
At the time, it was not known precisely how this was being done, but new information posted on Twitter by cybersecurity firm ESET sheds some light on the attack and how it was used to target Windows logins.
According to ESET’s tweet, after hacking into the SFO employee sites SFOConnect.com and SFOConstruction.com, the attackers added JavaScript that injects a 1×1 image into the website’s HTML.