Sakura Samurai (group)


Sakura Samurai
Formation: 2020
Founder: John Jackson
Purpose: White hat hacking and security research
Membership: 5
Website: sakurasamurai.pro

Sakura Samurai was a white hat hacking and security research group founded in 2020. The group is known for multiple vulnerability disclosures involving government bodies and corporations. [1]


History

Sakura Samurai was founded in 2020 by John Jackson, also known as "Mr. Hacking". [2] Members of the group included Jackson, Robert "rej_ex" Willis, Jackson "Kanshi" Henry, Kelly Kaoudis, and Higinio "w0rmer" Ochoa. [2] [3] Ali "ShÄde" Diamond, Aubrey "Kirtaner" Cottle, Sick.Codes, and Arctic were earlier members who had left the group. [4]

In October 2022, Sakura Samurai announced on its Twitter page that the group was inactive because of "various other commitments" that its members had individually. [5]

Notable work

Governmental groups

United Nations

Sakura Samurai discovered exposed git directories and git credential files on domains belonging to the United Nations Environment Programme (UNEP) and the International Labour Organization (ILO), a UN agency. These gave the researchers access to WordPress administrator database credentials and UNEP source code, and exposed more than 100,000 private employee records. The records included details of U.N. staff travel, human resources data containing personally identifiable information, project funding records, general employee records, and employment evaluation reports. [6] [7] Sakura Samurai publicly disclosed the findings in January 2021, after first reporting them through the U.N.'s vulnerability disclosure program. [7]

India

In March 2021, Sakura Samurai publicly disclosed vulnerabilities affecting 27 groups within the Indian government. Through exposed git directories and environment configuration files, the group was able to access credentials for critical applications, more than 13,000 personal records, police reports, and other data. It also found session hijacking and arbitrary code execution vulnerabilities in finance-related government systems. [8] After issues reported to India's National Critical Information Infrastructure Protection Centre (NCIIPC) went unaddressed for several weeks, Sakura Samurai involved the U.S. Department of Defense Vulnerability Disclosure Program, after which the issues were remediated. [9] [8]

Corporations

Apache Velocity Tools

Sakura Samurai discovered and reported a cross-site scripting (XSS) vulnerability in Apache Velocity Tools in October 2020. More sophisticated variants of the exploit, combined with social engineering, could let an attacker steal a logged-in user's session cookies and hijack the session. The vulnerable Apache Velocity Tools class was bundled in more than 2,600 unique binaries of various prominent software applications. Apache acknowledged the report and patched the flaw in November 2020, but did not formally disclose the vulnerability. [10]

Keybase

The group discovered that Keybase, a security-focused chat application owned by Zoom, stored images in cleartext on its Mac and Windows clients and kept them even after users had ostensibly deleted them. It reported the vulnerability in January 2021 and disclosed it publicly in February, after the bug had been patched and updates had been widely distributed. [11]

Pegasystems

Sakura Samurai found a vulnerability in Pegasystems' Pega Infinity enterprise software suite, which is used for customer engagement and digital process automation. The vulnerability, first reported to Pegasystems in February 2021 and tracked as CVE-2021-27653, involved a misconfiguration that could lead to data exposure. [12]

Exploiting the vulnerability, Sakura Samurai gained access to systems belonging to both Ford Motor Company and John Deere; the incidents were publicly disclosed in August 2021. [13] [14] They were the subject of a 2021 DEF CON presentation by Sick.Codes titled "The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities in the Global Food Supply Chain (in good faith)". [15]

Fermilab

In May 2021, Sakura Samurai publicly disclosed vulnerabilities it had found and reported to Fermilab, a particle physics and accelerator laboratory. The group had been able to gain access to a project ticketing system, server credentials, and employee information. [16]


References

  1. Xavier, John (20 February 2021). "India's cyber defenses breached and reported; govt. yet to fix it". The Hindu. ISSN 0971-751X. Retrieved 12 August 2021.
  2. Jackson, John (22 January 2021). "Episode 200: Sakura Samurai Wants To Make Hacking Groups Cool Again. And: Automating Our Way Out of PKI Chaos". The Security Ledger with Paul F. Roberts. Retrieved 26 September 2021.
  3. "Sakura Samurai". Sakura Samurai. Retrieved 26 September 2021.
  4. "Retired Members of Sakura Samurai". Sakura Samurai. Retrieved 26 September 2021.
  5. "Retirement Announcement". Twitter. Retrieved 30 October 2022.
  6. Riley, Duncan (11 January 2021). "United Nations data breach exposes details of more than 100,000 employees". SiliconANGLE. Retrieved 12 August 2021.
  7. Spadafora, Anthony (11 January 2021). "United Nations suffers major data breach". TechRadar. Retrieved 26 September 2021.
  8. Sharma, Ax (12 March 2021). "Researchers hacked Indian govt sites via exposed git and env files". BleepingComputer. Retrieved 26 September 2021.
  9. Majumder, Shayak (22 February 2021). "Government-Run Web Services Found to Have Major Vulnerabilities: Reports". NDTV Gadgets 360. Retrieved 16 August 2021.
  10. Sharma, Ax (15 January 2021). "Undisclosed Apache Velocity XSS vulnerability impacts GOV sites". BleepingComputer. Retrieved 16 August 2021.
  11. Osborne, Charlie (23 February 2021). "Keybase patches bug that kept pictures in cleartext storage on Mac, Windows clients". ZDNet. Retrieved 16 August 2021.
  12. "NVD – CVE-2021-27653". nvd.nist.gov. Retrieved 12 August 2021.
  13. Sharma, Ax (15 August 2021). "Ford bug exposed customer and employee records from internal systems". BleepingComputer. Retrieved 26 September 2021.
  14. Bracken, Becky (10 August 2021). "Connected Farms Easy Pickings for Global Food Supply-Chain Hack". ThreatPost. Retrieved 26 September 2021.
  15. Kirk, Jeremy (9 August 2021). "Flaws in John Deere Systems Show Agriculture's Cyber Risk". National Cyber Security News Today. Retrieved 26 September 2021.
  16. Sharma, Ax (6 May 2021). "US physics lab Fermilab exposes proprietary data for all to see". Ars Technica. Retrieved 26 September 2021.