Hackers from Russian intelligence services infiltrated a computer in Washington before attacking the Wi-Fi network of one company, then another, until reaching their target. This hack was part of the espionage plans before the invasion of Ukraine.
Russian intelligence services had already begun implementing their strategy in Washington before the launch of the invasion of Ukraine. In an article published on November 22 in the magazine Wired, cybersecurity experts from the company Volexity revealed a two-year investigation into a hack that took place from the streets of the American capital.
Researchers attribute this attack to the Russian hacker group Fancy Bear, a notorious unit affiliated with Russian military intelligence (GRU). The level of sophistication of the attack suggests that the hackers have substantial resources. The name of the target has not been disclosed, but it is believed to be a company operating in a sensitive area.
The weak link in this company? A poorly configured Wi-Fi connection in a meeting room. The hackers first infiltrated a computer connected by Ethernet. This device then became a malicious platform for infiltrating the rest of the workstations. By activating the Wi-Fi module of this computer, the hackers established a gateway to another network located nearby. Using stolen Wi-Fi credentials, the attackers were then able to connect to the target network, located across the street.
This technique, called “intrusion chaining,” relies on successively using compromised devices as relays, allowing the attackers to progress toward their target without leaving an obvious trace.
Information stolen ahead of the invasion of Ukraine
These intrusions took place in the months before and during Russia’s invasion of Ukraine in February 2022. The targets identified within the hacked network were working on topics related to Ukraine, indicating that the operation aimed to collect sensitive intelligence to support Russian military or strategic efforts.
This hacking technique reflects an evolution in the methods of the GRU, which adapts its tactics to new cybersecurity constraints to achieve its political objectives. In 2018, intelligence agents traveled to The Hague to hack the Wi-Fi network of the Organization for the Prohibition of Chemical Weapons. At the time, this institution was working on chemical weapons used by the Syrian regime, which is supported by Russia, and on the poisoning of former Russian agent Sergei Skripal in London.
Despite Volexity’s intervention to expel the hackers from the target network, the attackers did not abandon their attempt. They sought to return by accessing resources from the previous Wi-Fi networks. The investigation also found that they likely exploited other vulnerabilities, including a compromised VPN device. This carefully orchestrated strategy, combined with the means deployed, leaves little doubt about the state-backed character of the operation.
Source: www.numerama.com