In October 2022, Sakura Samurai announced on their Twitter page that they are now inactive due to "various other commitments" the members have individually.[5]
Notable work
Governmental groups
United Nations
Sakura Samurai discovered exposed git directories and git credential files on domains belonging to the United Nations Environmental Programme (UNEP) and United Nations International Labour Organization (UNILO). These provided access to WordPress administrator database credentials and the UNEP source code, and exposed more than 100,000 private employee records to the researchers. Employee data included details about U.N. staff travel, human resources data including personally identifiable information, project funding resource records, generalized employee records, and employment evaluation reports.[6][7] Sakura Samurai publicly reported the breach in January 2021, after first disclosing it through the U.N.'s vulnerability disclosure program.[7]
India
In March 2021, Sakura Samurai publicly disclosed vulnerabilities that affected 27 groups within the Indian government. After finding exposed git and configuration directories, Sakura Samurai were able to access credentials for critical applications, more than 13,000 personal records, police reports, and other data. The group also discovered vulnerabilities relating to session hijacking and arbitrary code execution on finance-related governmental systems.[8] After the issues reported to India's National Critical Information Infrastructure Protection Centre went unaddressed for several weeks, Sakura Samurai involved the U.S. Department of Defense Vulnerability Disclosure Program, and the issues were remediated.[9][8]
Corporations
Apache Velocity Tools
Sakura Samurai discovered and reported a cross site scripting (XSS) vulnerability with Apache Velocity Tools in October 2020. Sophisticated variations of the exploit, when combined with social engineering, could allow attackers to collect the logged-in user's session cookies, potentially allowing them to hijack their sessions. The vulnerable Apache Velocity Tools class was included in more than 2,600 unique binaries of various prominent software applications. Apache acknowledged the report and patched the flaw in November 2020, although Apache did not formally disclose the vulnerability.[10]
Keybase
The group discovered that Keybase, a security-focused chat application owned by Zoom, was insecurely storing images, even after users had ostensibly deleted them. They reported the vulnerability in January 2021, and disclosed it publicly in February after the bug had been patched and updates had been widely distributed.[11]
Pega Infinity and related breaches
Sakura Samurai found a vulnerability in Pegasystems' Pega Infinity enterprise software suite, which is used for customer engagement and digital process automation. The vulnerability, which was first reported to Pegasystems in February 2021, involved a possible misconfiguration that would enable data exposure.[12]
The vulnerability led to Sakura Samurai breaching systems belonging to both Ford Motor Company and John Deere, incidents which were publicly disclosed in August 2021.[13][14] These breaches were the subject of a 2021 DEF CON presentation by Sick.Codes, which was titled "The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities in the Global Food Supply Chain (in good faith)".[15]
Fermilab
In May 2021, Sakura Samurai reported vulnerabilities they had discovered and disclosed to Fermilab, a particle physics and accelerator laboratory. The group was able to gain access to a project ticketing system, server credentials, and employee information.[16]
Cherry blossom Nihamanchi Sakura Gakuin discography Sakura Sakura Sakura Kinomoto Sakura Wars Cardcaptor Sakura Sakura Sakura (video game) Sakura Haruno Sakura, Chiba Sakura Matou List of Cardcaptor Sakura episodes Sakura Drops Sakura Wars: So Long, My Love Sakura-Variationen Sakura Hime: The Legend of Princess Sakura Sakura, Tochigi Sakura-Con Cardcaptor Sakura: Clear Card Sakura Samurai (group) List of Sakura Wars media Sakura Pakk Sakura-shimmachi Station Sakura Wars (2019 video game) Sakura Domain Sakura Tange Sakura-class destroyer List of Cardcaptor Sakura characters Sakura Spirit The Sa…
kura Bank Sakura Fujiwara Sakura Wars: The Gorgeous Blooming Cherry Blossoms Sakura Kasugano Cardcaptor Sakura Movie 2: The Sealed Card Sakura Wars 2: Thou Shalt Not Die Sakura (musician) Sakura Wars: The Animation Mansa Sakura Sakura Wars 3 Sakura (Ikimonogakari song) Keisei Sakura Station Street Fighter: Sakura Ganbaru! Rock M. Sakura Sakura (Tsubasa: Reservoir Chronicle) Sakura Station (Chiba) Sakura Oda Emi Sakura Japanese ship Sakura Cardcaptor Sakura: The Movie Sakura Miyawaki Sakura Hauge The Ark Sakura Sakura Wars 4: Fall in Love, Maidens Sakura (disambiguation) Sakura Diaries Momoko Sakura Sakura Wars: The Radiant Gorgeous Blooming Cherry Blossoms Sakura Color Products Corporation Sakura Nogawa Sakura Ando Sakura Wars (video game) Sakura (TV series) Sakura Gakuin Sakura-ku, Saitama Sakura Wars (TV series) Sakura Yokomine Sakura Station Sakura Genesis (2023) Sakura Press Mana Sakura Sakura no Ki ni Narō Sakura Mori Yae's Sakura Ayane Sakura Season of the Sakura Sakura-dōri Line Sakura Sōgorō Sakura Tsukuba Sakura, Minnade Tabeta Sakura (album) List of Sakura Wars characters Tamakichi Sakura Sakura Genesis 2017 Sakura Yumoto Golden Sakura List of Sakura Wars episodes Sak