A hacker has reportedly obtained access to the computer systems of prominent universities, including Cornell and New York University, and is attempting to sell that illegal access on the Internet, according to a research firm.
In a report published on Wednesday, the firm Recorded Future published new details about the hacker’s activities. The hacker, known by the name Rasputin, gained notoriety last November for breaching a U.S. agency responsible for election oversight.
The report also provides a list of Rasputin’s other targets, which include the dozens of universities in the U.S. and the U.K., as well as city and state governments, and federal agencies like the Department of Health and Human Services.
Recorded Future learned of the hackers as part of its business monitoring Internet forums on the so-called “dark web,” where criminals often meet to swap or sell hacking information.
The severity of the breaches are unclear but the report says all of them pertain to a common database vulnerability known as SQL injection, which relies on flaws in websites where users can fill out forms or enter other information. In the case of universities, such a flaw might be found on a library webpage or a course selection tool, or any number of other school websites.
Get Data Sheet, Fortune’s technology newsletter.
In theory, the vulnerabilities could allow Rasputin or another hacker to obtain private information about students or staff, or about non-public operations at one of the universities or agencies. But the actual damage would depend on the nature of the vulnerable website, and how connected it was with other parts of the institution.
Recorded Future says it alerted the universities and the rest of Rasputin’s targets prior to publishing news about the vulnerabilities, which would allow them to patch the website flaws before they became more broadly known. Other prominent names among Rasputin’s targets are: the Universities of Oxford and Cambridge, UCLA, the University of Washington, and the cities of Pittsburgh, Pa. and Springfield, Mass.
Recorded Future VP Levi Gundert, in an interview with Fortune, said Rasputin’s efforts reflect a variety of new strategies on the part of criminal hackers. These strategies arose in part because many older forms of online crime, such as selling credit card data, have become less lucrative.
The Rasputin report also highlights an emerging corner of the cyber-security industry that involves firms like Recorded Future and competitor Flashpoint scouring the dark web on behalf of corporate clients.
In the case of Recorded Future, the company employs people who speak a variety of languages, including Arabic and Russian, and who create online personas to interact with the hackers who sell corporate information on the dark web. The firm also says it relies heavily on technology, including artificial intelligence, to broaden the scope of its monitoring activities.
To mitigate the damage caused by hackers, the Recorded Future report suggests that governments should offer tax and other incentives to companies to conduct code audits and other best practices.