Thursday, March 12, 2009

United States Agency for International Development hacked by Georgia attacker

Russian intelligence enlists RBN to boost Lavrov

With the arrival of Russian Foreign Minister Sergei Lavrov in Azerbaijan, the corresponding U.S.A.I.D. site was hacked by the Russian Business Network. Those who visited the site have had the information on their computers taken:
"The Azerbaijan section at the United States Agency for International Development has been compromised and is embedded with malware and exploits serving scripts approximately around the 1st of March." - Dancho Danchev

The domain which is collecting data from the computers infected when they visited the U.S.A.I.D. Azerbaijani web site was registered by Sergey Astakhov, according to whois data.

Those familiar with this blog will note that Mr. Astakhov led the cyber "first strike" against Georgia preceding the war between Georgia and Russia.

The domain has been used for criminal purposes in the past. "It gets even more interesting when the phone back location of the malware is revealed. The domain in question was exclusively used by Russian Business Network/customers of the RBN in January, 2008 part of the cybercrime powerhouse’s attempt to throw sand in the eyes of the community by issuing fake account suspended notices whereas the malware campaigns remained active."

As Danchev observes, "Is there such a thing as a coincidence, especially when it comes to three malware embedded attacks in a week affecting Azerbaijan's section, and now their Pakistani and Hungarian embassies?"

It should be noted that Mr. Astakhov is a commercial purveyor of potentially illegal sexual material as well as malware. Such is the less than exemplary state of Russia's intelligence services. It is unfortunate that Russia's Foreign Ministry draws upon criminal assets.