Russian Hackers Carry Out An Impressive, Unprecedented Attack
Russian hackers have developed an unprecedented technique to remotely gain access to a computer. The APT28 group, also known as Fancy Bear, carried out the attack by jumping from one Wi-Fi network to another until it took control of a laptop. The hack took place two years ago in Washington, D.C., the area home to the White House and the U.S. Capitol.
According to Wired, a new cyberattack has revealed new techniques used by Russian hackers. The APT28 group, which is linked to the Kremlin’s Central Intelligence Directorate, carried out a hack to gain access to a laptop containing key content on the war in Ukraine. The peculiarity of this attack is that the hackers were able to jump between multiple Wi-Fi networks until they reached their target.
The technique, known as the “nearest neighbor attack,” was documented by Steven Adair, a cybersecurity expert who discovered the breach while on assignment in Washington. In a blog post on Volexity, Adair explains that the hacking group breached the laptop’s security with a chained attack, compromising multiple Wi-Fi networks along the way. What’s even more impressive is that it was all orchestrated thousands of miles away, from an undisclosed location in Russia.
At first glance, APT28’s technique looks like something out of a sci-fi movie. The hacker group’s goal was to collect data from people with expertise and projects related to Ukraine. The attack was carried out in early 2022, weeks before Russia invaded Ukraine and began a war that has now entered its thousandth day.
According to the expert’s description, the hackers used a computer located across the street to reach their victim. Unlike attacks where the hacker is physically present at the scene, the group compromised this intermediary machine from a distance and operated it like a puppeteer. Through this computer, they connected to the same Wi-Fi network as the victim and extracted information.
To do this, the hackers compromised a corporate network located in a building close to the victim. They then looked for a computer with an Ethernet port and a wireless network card, a key step in being able to remotely connect to the target’s business network. Once located, they took control of the computer and hacked into the victim’s Wi-Fi network to gain access to their system.
If you’re wondering why an intermediary computer is necessary, the answer has to do with two-factor authentication (2FA). The hacking group had obtained the victim’s username and password, but it couldn’t connect to the system because remote access required 2FA. The hackers discovered that the only way to bypass this requirement was to connect from the company’s own network, as if physically on site, so they breached the security of another nearby company and connected from there.
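The weak point described above is that the Wi-Fi network accepted a valid username and password from any device within range, with no second factor. The following is an added defender-side example, not code from the article or from Volexity: it runs over a constructed set of RADIUS-style Wi-Fi authentication events and a constructed device inventory, and flags successful logins from devices not enrolled to that user, as well as accounts accepted from two different devices in a short window (the footprint left when a stolen credential is used while the real user is also online).

```python
# Added example (not from the article or Volexity): spot valid Wi-Fi credentials used from the wrong device.
from collections import defaultdict

# Constructed sample: which user each enrolled Wi-Fi device (by MAC address) belongs to.
ENROLLED_DEVICES = {
    "aa:bb:cc:00:00:01": "jdoe",
    "aa:bb:cc:00:00:02": "asmith",
}

# Constructed sample of WPA2-Enterprise (RADIUS-style) authentication events:
# (epoch seconds, username, client MAC, result). Real log formats vary by vendor.
AUTH_EVENTS = [
    (1000, "jdoe",   "aa:bb:cc:00:00:01", "accept"),
    (1060, "asmith", "aa:bb:cc:00:00:02", "accept"),
    (1120, "jdoe",   "de:ad:be:ef:00:99", "accept"),   # valid credentials, unknown device
    (1180, "jdoe",   "de:ad:be:ef:00:99", "reject"),
]

def find_suspicious_logins(events, enrolled):
    """Return one finding per accepted login whose client MAC is not enrolled to that user."""
    findings = []
    for ts, user, mac, result in events:
        if result != "accept":
            continue  # rejects are noisy; the interesting case is a *successful* login
        owner = enrolled.get(mac.lower())
        if owner is None:
            findings.append({"ts": ts, "user": user, "mac": mac, "reason": "unenrolled device"})
        elif owner != user:
            findings.append({"ts": ts, "user": user, "mac": mac, "reason": f"device enrolled to {owner}"})
    return findings

def find_shared_accounts(events, window=300):
    """Return users accepted from more than one MAC within `window` seconds, with the MACs involved."""
    by_user = defaultdict(list)
    for ts, user, mac, result in events:
        if result == "accept":
            by_user[user].append((ts, mac))
    flagged = {}
    for user, seen in by_user.items():
        seen.sort()
        for i in range(len(seen)):
            for j in range(i + 1, len(seen)):
                if seen[j][0] - seen[i][0] <= window and seen[i][1] != seen[j][1]:
                    flagged[user] = sorted({seen[i][1], seen[j][1]})
    return flagged

if __name__ == "__main__":
    print(find_suspicious_logins(AUTH_EVENTS, ENROLLED_DEVICES), find_shared_accounts(AUTH_EVENTS))
```

In practice the enrolled-device map would come from the NAC or MDM inventory, and the events from the RADIUS server or wireless controller.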
Although Fancy Bear has not claimed responsibility for the attack, some of the files discovered in the investigation coincide with other attacks it has carried out. Fancy Bear is responsible for hacking the Democratic Party during the 2016 elections, the German parliament (Bundestag) networks in 2015, and the attack on the French TV network TV5 Monde.