Hackers breach US firm over WiFi from Russia in Nearest Neighbor Attack

Russian state hackers APT28 (Fancy Bear / Forest Blizzard / Sofacy) breached a US company through its enterprise WiFi network while being thousands of miles away
by leveraging a novel technique called a nearest neighbor attack.

The threat actor pivoted to the target after first compromising an organization in a nearby building within WiFi range.

The attack was discovered on February 4, 2022, when cybersecurity company Volexity detected a server compromise at a customer site in Washington, DC, that was doing Ukraine-related work.

APT28 is part of Russia's military unit 26165 in the General Staff Main Intelligence Directorate (GRU) and has been conducting cyber operations since at least 2004.

The hackers, which Volexity tracks as GruesomeLarch, first obtained the credentials to the target's enterprise WiFi network through password-spraying attacks targeting a victim's public-facing service.

However, the presence of multi-factor authentication (MFA) protection prevented the use of the credentials over the public web. Although connecting through the enterprise WiFi did not require MFA, being thousands of miles away and an ocean apart from the victim was a problem.

So the hackers became creative and started looking at organizations in buildings nearby that could serve as a pivot to the target wireless network.

The idea was to compromise another organization and look on its network for dual-homed devices, which have both a wired and a wireless connection. Such a device (e.g. a laptop or router) would allow the hackers to use its wireless adapter and connect to the target's enterprise WiFi.

Volexity found that APT28 compromised multiple organizations as part of this attack, daisy-chaining their connection using valid access credentials. Ultimately, they found a device within the proper range that could connect to three wireless access points near the windows of a victim's conference room.

Using a remote desktop connection (RDP) from an unprivileged account, the threat actor was able to move laterally on the target network, searching for systems of interest, and to exfiltrate data.

The hackers ran servtask.bat to dump the Windows registry hives (SAM, Security, and System),
compressing them into a ZIP archive for exfiltration.

The attackers generally relied on native Windows tools to keep their footprint to a minimum while collecting the data.

"Volexity further determined that GruesomeLarch was actively targeting Organization A in order to collect data from individuals with expertise on, and projects actively involving, Ukraine." - Volexity

Multiple complexities in the investigation prevented Volexity from attributing this attack to any known threat actor. But a Microsoft report in April this year made it clear, as it included indicators of compromise (IoCs) that overlapped with Volexity's observations and pointed to the Russian threat group.

Based on details in Microsoft's report, it is very likely that APT28 was able to escalate privileges before running critical payloads by exploiting, as a zero-day, the CVE-2022-38028 vulnerability in the Windows Print Spooler service within the victim's network.

APT28's nearest neighbor attack shows that a close-access operation, which typically requires proximity to the target (e.g. a parking lot), can also be conducted from afar, eliminating the risk of the operator being physically identified or caught.

While internet-facing devices have benefited from improved security over the past years by adding MFA and other types of protections, corporate WiFi networks need to be treated with the same care as any other remote access service.
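The pivot described above depends on a dual-homed machine in a neighboring organization: wired into that organization's LAN while its wireless adapter associates with someone else's WiFi. The following script is an added example, not Volexity's or BleepingComputer's code, showing the audit any organization can run over its own endpoint inventory to find such bridging hosts. The `Host`/`Adapter` records and the `INVENTORY` list are constructed for the demonstration; in practice the data would come from an EDR or NAC export, and the SSID names are assumed.

```python
"""Audit an endpoint inventory for dual-homed (wired + wireless) hosts.

Added example; the inventory below is constructed, not real data.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class Adapter:
    medium: str                 # "wired" or "wireless"
    up: bool                    # link is currently active
    ssid: Optional[str] = None  # SSID a wireless adapter is associated with


@dataclass
class Host:
    name: str
    adapters: List[Adapter] = field(default_factory=list)


def dual_homed_hosts(hosts: List[Host], own_ssids: Set[str]) -> List[Tuple[str, str, bool]]:
    """Return (hostname, ssid, is_foreign) for every host that has an active
    wired link and an active wireless association at the same time.

    is_foreign is True when the SSID is not one of our own networks: the host is
    wired into our LAN and simultaneously joined to somebody else's WLAN, which
    is exactly the bridge the nearest neighbor attack needs.
    """
    findings = []
    for host in hosts:
        wired_up = any(a.medium == "wired" and a.up for a in host.adapters)
        if not wired_up:
            continue  # a wireless-only host cannot bridge two networks
        for a in host.adapters:
            if a.medium == "wireless" and a.up and a.ssid:
                findings.append((host.name, a.ssid, a.ssid not in own_ssids))
    return findings


# Constructed inventory: host names and SSIDs are placeholders.
INVENTORY = [
    Host("LAPTOP-01", [Adapter("wired", True), Adapter("wireless", True, "CORP-WLAN")]),
    Host("LAPTOP-02", [Adapter("wired", True), Adapter("wireless", False)]),
    Host("DESKTOP-03", [Adapter("wired", True)]),
    Host("LAPTOP-04", [Adapter("wired", False), Adapter("wireless", True, "CORP-WLAN")]),
    Host("LAPTOP-05", [Adapter("wired", True), Adapter("wireless", True, "NEIGHBOR-NET")]),
]

if __name__ == "__main__":
    for name, ssid, foreign in dual_homed_hosts(INVENTORY, {"CORP-WLAN"}):
        flag = "FOREIGN WLAN" if foreign else "own WLAN"
        print(f"{name}: wired + wireless ({ssid}, {flag})")
```

Hosts flagged with a foreign SSID are the ones to disable simultaneous wired/wireless operation on (most enterprise NIC drivers and Group Policy can enforce this); hosts on the organization's own SSID still show up because they bridge the LAN and the WLAN even if both are internal.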
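Because the attackers used native Windows tooling to export the SAM, Security and System hives and then zipped them, the activity is visible in ordinary process-creation telemetry. The script below is an added detection example, not Volexity's, Microsoft's or BleepingComputer's code, and not the contents of servtask.bat, which the article does not give. It assumes process-creation events (Sysmon Event ID 1 or Security 4688, for instance) flattened to pipe-separated `time|host|user|image|command line` lines, and it assumes the hives were exported with `reg.exe save`/`export`, the usual native way to do what the article describes; the sample log, host names and user names are constructed.

```python
"""Flag registry-hive exports that are followed by an archive step.

Added example; SAMPLE_LOG is constructed, and the reg.exe pattern is an
assumption about the native tooling, not something the article states.
"""
import re
from datetime import datetime, timedelta

# reg save/export of the three hives that together yield cached credentials.
HIVE_RE = re.compile(
    r"\b(?:save|export)\s+(?:hklm|hkey_local_machine)\\(sam|security|system)\b", re.I)
# Native ways of bundling files for exfiltration.
ARCHIVE_RE = re.compile(r"compress-archive|\bmakecab\b|\btar(?:\.exe)?\b|\.zip\b", re.I)


def parse_line(line):
    """time|host|user|image|command line  ->  dict"""
    t, host, user, image, cmd = line.split("|", 4)
    return {"time": datetime.fromisoformat(t), "host": host, "user": user,
            "image": image, "cmd": cmd}


def detect_hive_dumps(lines, window=timedelta(minutes=15), allowed_users=frozenset()):
    """Group hive exports per (host, user); raise severity when all three hives
    are taken or an archive command follows within `window`.

    allowed_users: lower-cased principals (e.g. a backup service account) whose
    single-hive exports are expected and should not be reported.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["time"])
    exports = {}  # (host, user) -> {"first": time, "hives": set, "archived": bool}
    for e in events:
        key = (e["host"], e["user"].lower())
        m = HIVE_RE.search(e["cmd"])
        if m and key[1] not in allowed_users:
            rec = exports.setdefault(key, {"first": e["time"], "hives": set(), "archived": False})
            rec["hives"].add(m.group(1).upper())
        elif key in exports and ARCHIVE_RE.search(e["cmd"]):
            rec = exports[key]
            if rec["first"] <= e["time"] <= rec["first"] + window:
                rec["archived"] = True
    findings = []
    for (host, user), rec in exports.items():
        complete = rec["hives"] >= {"SAM", "SECURITY", "SYSTEM"}
        findings.append({
            "host": host, "user": user, "hives": sorted(rec["hives"]),
            "archived": rec["archived"],
            "severity": "high" if (complete or rec["archived"]) else "medium",
        })
    return findings


# Constructed sample telemetry (not from the incident).
SAMPLE_LOG = r"""
2024-01-15T09:12:01|WS-FIN-07|corp\jdoe|C:\Windows\System32\reg.exe|reg save HKLM\SAM C:\Users\Public\sam.hiv
2024-01-15T09:12:02|WS-FIN-07|corp\jdoe|C:\Windows\System32\reg.exe|reg save HKLM\SECURITY C:\Users\Public\sec.hiv
2024-01-15T09:12:03|WS-FIN-07|corp\jdoe|C:\Windows\System32\reg.exe|reg save HKLM\SYSTEM C:\Users\Public\sys.hiv
2024-01-15T09:14:40|WS-FIN-07|corp\jdoe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell Compress-Archive -Path C:\Users\Public\*.hiv -DestinationPath C:\Users\Public\out.zip
2024-01-15T10:00:00|WS-HR-02|corp\asmith|C:\Windows\System32\reg.exe|reg export HKCU\Software\Example example.reg
2024-01-15T11:30:00|SRV-BK-01|corp\svc_backup|C:\Windows\System32\reg.exe|reg save HKLM\SYSTEM D:\backup\system.hiv
"""

if __name__ == "__main__":
    for f in detect_hive_dumps(SAMPLE_LOG.splitlines()):
        print(f"[{f['severity']}] {f['host']} {f['user']} hives={f['hives']} archived={f['archived']}")
```

The per-user HKCU export is ignored, the backup account's single SYSTEM export comes out as medium (and disappears once that account is put in `allowed_users`), and the three-hive export followed by a zip within the window is the high-severity pattern that matches what the article describes.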
Copyright 2003-2024 Bleeping Computer LLC. All Rights Reserved.