Data Breach Update: San Francisco Airport Is a Target of a Cyberattack by a State-Sponsored Hacker Group

The San Francisco Airport reported that two of its websites, SFOConnect.com and SFOConstruction.com were the targets of a cyberattack in March 2020.  SFOConnect is a general information site designed for airport staff and contractors, while the SFOConstruction covers projects, bids and contracts related to the transport hub.

The attackers apparently inserted malicious computer code on the websites to steal users’ login credentials.  Users who could have been impacted by the attack include those accessing the websites from outside the airport network through Internet Explorer on a Windows-based personal devices.  According to the Notice of Data Breach, it appears that the attackers may have accessed the impacted users’ usernames and passwords used to log on to those personal devices.  Notably, the targeted information was the visitors’ own Windows credentials, rather than their credentials to the compromised websites. At this time, it’s unclear how many users might have had their log-in credential compromised as a result of the breach.

As reported by Eset and other outlets, the cyber-attack was carried out by the state-sponsored Russian hacker group Dragonfly/Energetic Bear.  The group has been active for the last nine years and has been targeting organizations all over the world in the aviation, defense, and energy sectors, as well as industrial control system firms in the critical infrastructure industries.  According to a recent Global State of Industrial Cybersecurity report from Claroty, 74% of IT security professionals globally are more concerned about a cyberattack on critical infrastructure than an enterprise data breach.  A majority of the U.S. IT security professionals believe that the U.S. critical infrastructure is vulnerable to such attacks.

Ask Clarip today how we can solve your biggest compliance pain points, Call Clarip at 1-888-252-5653