Subj : Russian hackers are attacking innocent companies to get access to
To   : All
From : TechnologyDaily
Date : Mon Nov 25 2024 17:15:05

Russian hackers are attacking innocent companies to get access to their neighbors

Date: Mon, 25 Nov 2024 17:01:00 +0000
Description: Nearest Neighbor Attack hits US company involved with Ukraine weeks before Russian invasion.

FULL STORY
======================================================================

- Russia's APT28 cyber-espionage group linked to Nearest Neighbor Attack
- Victim's Wi-Fi network was protected, but its neighbor's wasn't
- Timing aligns with Russia's invasion of Ukraine in 2022

Russian cyber-espionage group APT28, also known as Fancy Bear, was able to breach an American company's network by leveraging a Nearest Neighbor Attack exploiting nearby Wi-Fi networks.

First identified by cybersecurity firm Volexity in February 2022, the attack raises new concerns about vulnerabilities in corporate Wi-Fi systems.

In this case, APT28, tracked by Volexity as GruesomeLarch, targeted a US organization engaged in Ukrainian-related projects, hence the nation-state's interest in the firm.

Nearest neighbour attacks

The attack on the unnamed US company, a customer of Volexity's whose identity has been protected, started with password-spraying to acquire credentials for the victim's enterprise Wi-Fi network. The firm's multi-factor authentication protected its public-facing systems; however, the hackers then turned to a nearby organization to force entry.

Volexity explained:

The threat actor was halfway around the world and could not actually connect to [the victim's] Enterprise Wi-Fi network. To overcome this hurdle, the threat actor worked to compromise other organizations who were in buildings within close proximity to [the victim's] office. Their strategy was to breach another organization.

APT28 exploited a device that was connected to both wired and wireless networks; it acted as a bridge to the target's enterprise Wi-Fi, enabling lateral movement and data exfiltration.

Furthermore, the attackers used native Windows tools like Cipher.exe to erase evidence, making it hard to detect and trace the attack. They also exploited a zero-day vulnerability in the Windows Print Spooler service to escalate privileges within the victim's network.

Given that the attack took place weeks before Russia's invasion of Ukraine, its geopolitical significance aligns with its choice of target company.

Volexity is now advising all companies to monitor suspicious activity, create separate networking environments for Wi-Fi and Ethernet networks, and apply authentication and certificate-based solutions.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/russian-hackers-are-attacking-innocent-companies-to-get-access-to-their-neighbours

--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)
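The bridge in the story was a device connected to both wired and wireless networks, and Volexity's advice is to keep the two environments separate. As an added example (not from the article or from Volexity), this Python check flags such hosts in an adapter inventory; the CSV columns, host names and SSID are constructed assumptions, and it goes one step beyond the article by also flagging wired hosts whose Wi-Fi radio is on but not associated.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not real data): one row per network adapter.
# Column names and values are assumptions made for this example.
SAMPLE_INVENTORY = """host,adapter,medium,radio,link,ssid
ws-101,Ethernet0,wired,n/a,up,
ws-101,Wi-Fi,wifi,on,up,CorpNet
ws-102,Ethernet0,wired,n/a,up,
ws-102,Wi-Fi,wifi,off,down,
lt-201,Ethernet0,wired,n/a,down,
lt-201,Wi-Fi,wifi,on,up,CorpNet
srv-01,Ethernet0,wired,n/a,up,
srv-01,Wi-Fi,wifi,on,down,
"""


def classify_hosts(inventory_csv):
    """Return {host: finding} for hosts with a live wired link and a Wi-Fi radio that is on."""
    adapters = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        adapters[row["host"].strip().lower()].append(row)

    findings = {}
    for host, rows in adapters.items():
        wired_up = any(r["medium"] == "wired" and r["link"] == "up" for r in rows)
        radios_on = [r for r in rows if r["medium"] == "wifi" and r["radio"] == "on"]
        if not wired_up or not radios_on:
            continue  # Wi-Fi only, wired only, or radio disabled: cannot bridge
        associated = [r for r in radios_on if r["link"] == "up"]
        # "dual-homed": on both networks right now (the case the article describes).
        # "wifi-capable": wired host whose radio could still join a nearby SSID.
        findings[host] = {
            "status": "dual-homed" if associated else "wifi-capable",
            "ssids": sorted({r["ssid"] for r in associated if r["ssid"]}),
        }
    return findings


if __name__ == "__main__":
    for host, finding in sorted(classify_hosts(SAMPLE_INVENTORY).items()):
        print(f"{host}: {finding['status']} {','.join(finding['ssids'])}")
```
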