Russian hackers exploiting 'nearest neighbor' to infiltrate distant Wi-Fi networks
Russian hackers have devised a complex technique to breach Wi-Fi networks, without having to be physically close to the target. The technique, dubbed the "nearest neighbor attack," was unearthed by cybersecurity firm Volexity while investigating a network breach in Washington DC. The attackers were traced back to a hacker group linked to Russia's military intelligence agency and known by various monikers, including APT28, Fancy Bear, and Unit 26165.
How does the 'nearest neighbor attack' work?
The "nearest neighbor attack" is a multi-step process that uses weaknesses in nearby networks to reach the main target. First, the attackers compromise a vulnerable organization located physically near the target. They then take control of a Wi-Fi-capable laptop inside that compromised network and use its wireless adapter to connect to the target's Wi-Fi network. In this way they can launch what is effectively a local Wi-Fi attack from a distance, without the risk of being physically detected near the target's premises.
It involves multiple network breaches
In the case investigated by Volexity, the "nearest neighbor attack" was not a single network breach. The firm found evidence of a chain of Wi-Fi network infiltrations, involving as many as three different networks before the final target was reached. This operation combined several technical elements, including credential exploitation, bypassing two-factor authentication, and domain name leakage. Even after the initial detection, the attackers continued with multiple further intrusion attempts.
New attack method poses significant challenges for cybersecurity
The "nearest neighbor attack" poses major challenges for defenders, because it requires them to treat the security of neighboring networks as part of their own threat landscape. The ability to carry out these attacks from afar widens the pool of potential attackers and makes it harder to determine who is behind an intrusion. To counter the threat, experts recommend measures such as limiting Wi-Fi signal range and obfuscating network names.