Spies hack Wi-Fi networks in far-off land to launch attack on target next door

You May Be Interested In:Twirling body horror in gymnastics video exposes AI’s flaws


While stalking its target, GruesomeLarch performed credential-stuffing attacks that compromised the passwords of several accounts on a web service platform used by the organization’s employees. Two-factor authentication enforced on the platform, however, prevented the attackers from compromising the accounts.

So GruesomeLarch found devices in physically adjacent locations, compromised them, and used them to probe the target’s Wi-Fi network. It turned out credentials for the compromised web services accounts also worked for accounts on the Wi-Fi network, only no 2FA was required.

Adding further flourish, the attackers hacked one of the neighboring Wi-Fi-enabled devices by exploiting what in early 2022 was a zero-day vulnerability in the Microsoft Windows Print Spooler.

The 2022 hack demonstrates how a single faulty assumption can undo an otherwise effective defense. For whatever reason—likely an assumption that 2FA on the Wi-Fi network was unnecessary because attacks required close proximity—the target deployed 2FA on the Internet-connecting web services platform (Adair isn’t saying what type) but not on the Wi-Fi network. That one oversight ultimately torpedoed a robust security practice.

Advanced persistent threat groups like GruesomeLarch—a part of the much larger GRU APT with names including Fancy Bear, APT28, Forrest Blizzard, and Sofacy—excel in finding and exploiting these sorts of oversights.

Volixity’s post describing the 2022 attack provides plenty of technical details about the compromise on the many links in this sophisticated daisy chain attack flow. There’s also useful advice for protecting networks against these sorts of compromises.

share Paylaş facebook pinterest whatsapp x print

Similar Content

Redbox hack reveals customer info. from 2K rentals
Redbox hack reveals customer info. from 2K rentals
CTV industry’s unprecedented “surveillance”
CTV industry’s unprecedented “surveillance”
Teaching computers a new way to count could make numbers more accurate
Teaching computers a new way to count could make numbers more accurate
Retro tin toy santa robot holding christmas present
OpenAI teases 12 days of mystery product launches starting tomorrow
Two never-before-seen tools, from same group, infect air-gapped devices
Two never-before-seen tools, from same group, infect air-gapped devices
Location tracking of phones is out of control. Here’s how to fight back.
Location tracking of phones is out of control. Here’s how to fight back.
The News Spectrum | © 2024 | News