![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
This is a wild story, and it happened two years ago.
A security firm, Volexity, was investigating a network breach for an unnamed client in Washington, DC. By studying logs, they had evidence of anomalous and unauthorized traffic indicating a breach, but they couldn't figure out where it was coming from. The client's network was very well secured, and they went over it from top to bottom. Then another attack happened, and this time some critical information was captured: the name of a network domain belonging to a company across the street!
There was no reason to suspect that A was attacking B. They went over and did a network analysis, and what was eventually found was a compromised laptop. The Russians had got into it in such a way that they were able to activate the laptop's wireless card and attack Volexity's client with it!
But that wasn't all.
The Russians used a similar attack from yet another company to get into A!
Company A never detected the intrusion from the Russians, much less that the laptop had been compromised. Except Volexity locked down A and future attacks by the Russians were detected and blocked.
Definitely a clever approach to indirectly attacking someone. Traditionally when the Russians wanted access to a network, they sent an actual team to the business who would attempt wireless hacks. Except one such team was caught trying to get into The Hague and all their equipment was seized. Now they can do it all safely from Mother Russia with no risk of capture.
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/
https://mobile.slashdot.org/story/24/11/22/2331247/russian-spies-jumped-from-one-network-to-another-via-wi-fi
A security firm, Volexity, was investigating a network breach for an unnamed client in Washington, DC. By studying logs, they had evidence of anomalous and unauthorized traffic indicating a breach, but they couldn't figure out where it was coming from. The client's network was very well secured, and they went over it from top to bottom. Then another attack happened, and this time some critical information was captured: the name of a network domain belonging to a company across the street!
There was no reason to suspect that A was attacking B. They went over and did a network analysis, and what was eventually found was a compromised laptop. The Russians had got into it in such a way that they were able to activate the laptop's wireless card and attack Volexity's client with it!
But that wasn't all.
The Russians used a similar attack from yet another company to get into A!
Company A never detected the intrusion from the Russians, much less that the laptop had been compromised. Except Volexity locked down A and future attacks by the Russians were detected and blocked.
Definitely a clever approach to indirectly attacking someone. Traditionally when the Russians wanted access to a network, they sent an actual team to the business who would attempt wireless hacks. Except one such team was caught trying to get into The Hague and all their equipment was seized. Now they can do it all safely from Mother Russia with no risk of capture.
https://www.wired.com/story/russia-gru-apt28-wifi-daisy-chain-breach/
https://arstechnica.com/security/2024/11/spies-hack-wi-fi-networks-in-far-off-land-to-launch-attack-on-target-next-door/
https://mobile.slashdot.org/story/24/11/22/2331247/russian-spies-jumped-from-one-network-to-another-via-wi-fi
