This is a wild story, and it happened two years ago.
A security firm, Volexity, was investigating a network breach for an unnamed client in Washington, DC. By studying logs, they had evidence of anomalous and unauthorized traffic indicating a breach, but they couldn't figure out where it was coming from. The client's network was very well secured, and they went over it from top to bottom. Then another attack happened, and this time some critical information was captured: the name of a network domain belonging to a company across the street!
There was no reason to suspect that the company across the street (call it A) was attacking Volexity's client (B). They went over to A and did a network analysis, and what was eventually found was a compromised laptop. The Russians had got into it in such a way that they were able to activate the laptop's wireless card and attack Volexity's client with it!
But that wasn't all.
The Russians used a similar attack from yet another company to get into A!
Company A had never detected the Russian intrusion, much less that the laptop had been compromised. Once Volexity locked A down, though, later attacks by the Russians were detected and blocked.
Definitely a clever approach to indirectly attacking someone. Traditionally, when the Russians wanted access to a network, they sent an actual team to the business to attempt wireless hacks. One such team was caught trying to get into The Hague, and all their equipment was seized. Now they can do it all safely from Mother Russia with no risk of capture.
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/
https://mobile.slashdot.org/story/24/11/22/2331247/russian-spies-jumped-from-one-network-to-another-via-wi-fi
no subject
Date: 2024-11-24 11:01 am (UTC)
And again, they can do this kind of crap, but they are so lousy about fighting a war?
Maybe if they spent less time throwing people out of buildings. :p
Hugs, Jon
no subject
Date: 2024-11-24 05:34 pm (UTC)
IT intrusion requires fast computers and very smart and clever people. War requires a profound outlay of the nation's GDP and innovation. Russia built up a big army and put them in reserve encampments, where the high-ranking soldiers plundered thermal sights, laser rangefinders, etc. and sold them on the black markets for personal profit. The oligarchs were given contracts to produce this equipment, and with Putin's blessing skimmed them and produced poor-quality products that somehow passed inspection. On top of that, the Russian professional army wasn't as good as they thought; when you add in a huge conscript army that didn't really want to be there, you don't have the makings of a great army. When the rubber hit the road, it didn't perform well. The cost/benefit of IT crime is huge, as the costs are hardware (relatively speaking minimal), the people, and the time to work things out.
no subject
Date: 2024-11-25 01:11 am (UTC)
no subject
Date: 2024-11-25 03:34 am (UTC)
I hope that the generals and command staff recognize it as a potentially unlawful order and don't obey.
no subject
Date: 2024-11-25 05:31 am (UTC)
no subject
Date: 2024-11-25 06:28 pm (UTC)
no subject
Date: 2024-11-25 07:51 pm (UTC)
Yep. It's always a given: if your opponent is a state actor, you're probably going to get compromised. Eventually. But you're still bound to try to follow good practices.