Sakura Samurai (group)
| Type | Hacking |
|---|---|
| Membership | 6 |
Sakura Samurai is an active white-hat hacking group that has gained notoriety for breaching multiple high-profile government-level targets.[1] One of the founders is computer security specialist John Jackson, who initially gained worldwide media attention after discovering the infamous "Chinese backdoor" in TCL televisions.[2] Jackson decided to create Sakura Samurai, drawing inspiration from previous hacking groups.
Founding members include Aubrey Cottle (Kirtaner), creator and owner of 420chan, who was featured in HBO's documentary Q: Into the Storm for his work with Anonymous and 420chan. Other founding members include Robert Willis, a hacker who came into the public eye after being featured in the Tribe of Hackers series from Wiley Publishing,[3] and Jackson Henry, who led the group's United Nations breach.[4]
Sick Codes, a current member, has been credited with many significant findings in security research, notably the John Deere hack, which was covered by many mainstream media outlets and magazines, including Vice Media and Forbes Magazine. [ref: https://www.vice.com/en/article/4avy8j/bugs-allowed-hackers-to-dox-all-john-deere-owners] [ref: https://www.forbes.com/sites/paulfroberts/2021/04/14/184-years-in-ag-giant-john-deere-awaits-its-first-software-vulnerability/?sh=1e91a54a5108]
Pega Infinity
The group found a vulnerability in Pega Infinity that enabled severe information disclosure, allowing an individual to obtain an organization's OAuth tokens. The vulnerability was assigned CVE-2021-27653.[5]
United Nations Breach
Sakura Samurai's first group disclosure was a breach of the United Nations, which exposed the information of over 100,000 U.N. Environment Programme employees. The breach involved exposed Git directories and Git credential files. Using the exposed details, Sakura Samurai dumped the contents of the Git files and cloned repositories. The group obtained information that included details about U.N. staff travel such as employee ID, names, employee groups, travel justification, start and end dates, approval status, destination and length of stay. Sakura Samurai also obtained human resources data that included personally identifiable information as well as project funding resource records, generalized employee records and employment evaluation reports. [ref: https://siliconangle.com/2021/01/11/united-nations-data-breach-exposes-details-100000-employees/]
Indian Government Breach
The group caused a large breach across many Indian government assets, and due to complications with the disclosure, the United States Department of Defense Cyber Crime Center opened public communication with the Indian government to support Sakura Samurai's disclosure. [ref: https://gadgets.ndtv.com/internet/news/nciipc-cert-in-ncsc-india-government-web-services-critical-vulnerabilities-hack-breach-lapse-delay-response-fix-rajesh-pant-2376203] In the breach, Sakura Samurai obtained full access to the following 28 government servers owned by the country of India: Government of Bihar, Government of Tamil Nadu, Government of Kerala, Telangana State, Maharashtra Housing and Development Authority, Jharkhand Police Department, Punjab Agro Industries Corporation Limited, Government of India's Ministry of Women and Child Development, Government of West Bengal, West Bengal SC ST & OBC Development and Finance Corp., Government of Delhi, Department of Power GNCTD, Government of India, Ministry of New and Renewable Energy, Government of India, Department of Administrative Reforms & Public Grievances, Government of Kerala, Office of the Commissioner for Entrance Examinations, Government of Kerala, Stationery Department, Government of Kerala, Chemical Laboratory Management System, Government of Punjab, National Health Mission, Government of Odisha, Office of the State Commissioner for Persons with Disabilities, Government of Mizoram, State Portal, Embassy of India in Bangkok (Thailand), Embassy of India in Tehran, Consulate General of India, Government of Kerala, Service and Payroll Administrative Repository, Government of West Bengal, Directorate of Pension, Provident Fund & Group Insurance, Government of India, Competition Commission of India, Government of Chennai, The Greater Chennai Corporation, Government of Goa, Captain of Ports Department, and the Government of Maharashtra.
[ref: https://www.bleepingcomputer.com/news/security/researchers-hacked-indian-govt-sites-via-exposed-git-and-env-files/]
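Both the United Nations and Indian government breaches described above hinged on web servers serving Git metadata (.git/), Git credential files and .env files. As an added example (not code from the group or from any of the affected organizations), the following script scans web-server access logs for requests to those paths and separates confirmed exposures (a 2xx response) from mere probing; the log lines are constructed for this illustration.

```python
"""Flag access-log entries that show exposed Git metadata or .env files."""
import re
from collections import Counter

# Constructed sample lines in Combined Log Format (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jan/2021:10:01:02 +0000] "GET /.git/HEAD HTTP/1.1" 200 23 "-" "curl/7.68.0"
203.0.113.5 - - [11/Jan/2021:10:01:03 +0000] "GET /.git/config HTTP/1.1" 200 312 "-" "curl/7.68.0"
198.51.100.9 - - [11/Jan/2021:10:02:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Jan/2021:10:03:44 +0000] "GET /.env HTTP/1.1" 200 88 "-" "curl/7.68.0"
192.0.2.77 - - [11/Jan/2021:10:04:00 +0000] "GET /.git-credentials HTTP/1.1" 404 162 "-" "python-requests/2.25"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Files a web server should never serve: the Git object store and config,
# stored Git credentials, and dotenv files that typically hold secrets.
EXACT_SENSITIVE = {"/.git", "/.env", "/.git-credentials"}


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_sensitive_path(path):
    """True for .git/, .env-style files and Git credential stores (query string ignored)."""
    path = path.split("?", 1)[0]
    return path in EXACT_SENSITIVE or path.startswith("/.git/") or path.startswith("/.env.")


def find_exposures(log_text):
    """Return (confirmed, probes).

    confirmed: list of (ip, path, timestamp) where a sensitive path got a 2xx
               response, i.e. the file really was served.
    probes:    per-IP count of requests for sensitive paths, any status.
    """
    confirmed, probes = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not is_sensitive_path(rec["path"]):
            continue
        probes[rec["ip"]] += 1
        if rec["status"].startswith("2"):
            confirmed.append((rec["ip"], rec["path"], rec["ts"]))
    return confirmed, probes


if __name__ == "__main__":
    hits, by_ip = find_exposures(SAMPLE_LOG)
    for ip, path, ts in hits:
        print(f"EXPOSED {path} served to {ip} at {ts}")
    print("probing sources:", dict(by_ip))
```

A confirmed hit means the file was actually delivered, so the fix is to block dotfile paths at the web server and rotate any credentials the served files contained.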
Fermi National Accelerator Laboratory Hack
The group chose to test Fermilab assets after finding that the lab had a vulnerability disclosure program, and gained access to an open ticketing system in which multiple sets of credentials were found. These credentials included those for the lab's Trolley and for a server. Other items the group found included an open FTP server and information on employee security groups, which included full names, email addresses, and SSO usernames. [ref: https://arstechnica.com/gadgets/2021/05/researchers-peek-into-proprietary-data-of-us-particle-physics-lab-fermilab/]
Keybase
The group discovered that Keybase, a privacy application owned by Zoom (Microsoft), was storing images that users had deleted in clear text on their computers, raising privacy concerns about the application. The vulnerability was assigned CVE-2021-23827. [ref: https://www.zdnet.com/article/keybase-patches-bug-that-kept-pictures-in-cleartext-storage-on-mac-windows-clients/]
Apache Velocity Tools
Apache Velocity Tools had a cross-site scripting (XSS) vulnerability that affected many government sites. Sophisticated variations of the exploit, when combined with social engineering, can let attackers collect logged-in users' session cookies, with the potential to hijack their sessions.
The Apache Velocity Tools class containing the flaw is included in over 2,600 unique binaries of prominent software applications available for download from npm, PyPI, Maven Central, and other open-source repositories. The vulnerability was assigned CVE-2021-23827. [ref: https://www.bleepingcomputer.com/news/security/undisclosed-apache-velocity-xss-vulnerability-impacts-gov-sites/]
Members
- John Jackson (Mr. Hacking)
- Robert Willis (rej_ex)
- Aubrey Cottle (Kirtaner)
- Jackson Henry (Kanshi)
- Sick Codes
- Kelly Kauodis
References
- ^ https://www.thehindu.com/sci-tech/technology/indias-cyber-defenses-breached-and-reported-govt-yet-to-fix-it/article33888110.ece
- ^ https://sea.pcmag.com/tvs/40312/report-researchers-find-backdoor-security-flaw-in-tcl-smart-tvs
- ^ https://www.oreilly.com/library/view/tribe-of-hackers/9781119643371/c69.xhtml
- ^ https://www.darkreading.com/threat-intelligence/united-nations-security-flaw-exposed-100k-staff-records/d/d-id/1339882
- ^ https://nvd.nist.gov/vuln/detail/CVE-2021-27653