Russian hackers exploiting 'nearest neighbor' to infiltrate distant Wi-Fi networks
What's the story
Russian hackers have devised a complex technique to breach Wi-Fi networks, without having to be physically close to the target.
The technique, dubbed the "nearest neighbor attack," was unearthed by cybersecurity firm Volexity while investigating a network breach in Washington DC.
The attackers were traced back to a hacker group linked to Russia's military intelligence agency and known by various monikers, including APT28, Fancy Bear, and Unit 26165.
Attack strategy
How does the 'nearest neighbor attack' work?
The "nearest neighbor attack" is a multi-step process that uses vulnerabilities in nearby networks to breach the main target.
First, hackers compromise a vulnerable network near their target. They then take control of a laptop in this compromised network and use its Wi-Fi to breach the target network.
This way, they can launch attacks from a distance, exploiting local Wi-Fi vulnerabilities without risking physical detection.
Attack complexity
It involves multiple network breaches
In the case investigated by Volexity, the "nearest neighbor attack" was not just a single network breach.
The firm discovered evidence of a chain of Wi-Fi network infiltrations, involving as many as three different networks before hitting the final target.
This complicated operation combined several technical elements, including credential exploitation, two-factor authentication bypass, and domain name leakage.
Even after initial detection, the hackers continued with multiple intrusion attempts.
Security implications
New attack method poses significant challenges for cybersecurity
The "nearest neighbor attack" poses major challenges for cybersecurity experts, as it requires them to consider the security of neighboring networks as part of their threat landscape.
The ability to launch these attacks from afar widens the pool of attackers and makes it harder to determine who is behind an attack.
To counter this new threat, experts recommend limiting Wi-Fi range and obfuscating network names, among other measures.