Innovative Hacking Tactics: APT28’s WiFi Intrusion Tactics in 2022

Jakarta

There are many tactics a hacker must use to break into a network, especially if the network has to be accessed physically, that is, from somewhere near the network's location.

For example, spies from the Russian intelligence agency GRU were caught red-handed in The Hague, Netherlands, in 2018. They hid in a car parked on the side of the road, with a special antenna fitted in the trunk. Their target at the time was the WiFi network of the Organization for the Prohibition of Chemical Weapons.

The operation was carried out in response to the investigation into the murder of a GRU defector named Sergei Skripal. However, it resulted in a number of APT28 team members being arrested and their equipment being confiscated.

Since that incident, the GRU appears to have turned to a more sophisticated technique: using the WiFi network of an office in a building neighboring the target.

This was revealed by cyber security researcher Steven Adair at the Cyberwarcon security conference held in Arlington, Virginia, United States. Adair, who works at the cybersecurity company Volexity, investigated cyber attacks on its customers in Washington in 2022.

Volexity attributed the attack to Fancy Bear, also known as APT28 and Unit 26165, a hacker group within the GRU. The group is famous for operations such as the hack of the Democratic National Committee in 2016.

The 2022 operation is notable because APT28 carried it out by breaking into the WiFi network of a building neighboring its target, as detikINET quoted from Wired on Saturday (22/11/2024).

Initially, Volexity found that the intrusion came through a WiFi access point at the far end of the building. Adair then combed the location for the source of the intrusion.

“I was right there looking for it. We looked at the smart TV, looked for a device in the toilet, or maybe in the parking lot, or a printer. We couldn’t find the source,” said Adair.

Further investigation finally showed that the hacker was using a domain owned by a company in the building across the street. Investigating that neighboring building, they found the source of the intrusion: a laptop located there.

The hacker had compromised that laptop, which was connected to the neighboring company's local network via Ethernet, and then activated its WiFi adapter to use it as a relay into the target network.

“This is the first case we have handled where a remote perpetrator hacked another organization in America that was located close to the intended target, then redirected the attack via WiFi to the target’s network across the street,” said Adair.

“This is a very interesting attack vector that we haven’t seen before,” he added.

The information targeted by APT28 in this attack was intelligence about Ukraine. This is no coincidence, as the action was carried out just a month before Russia invaded Ukraine in February 2022.

(asj/asj)

Networks, Spies, and WiFi: The Unconventional Tactics of the GRU

Hello there, fellow digital explorers! Today, we step into the murky waters of espionage and hacking, where the stakes are high and the WiFi connections are… well, questionable. If you thought your neighbor’s WiFi password was hard to crack, wait until you hear about the Russian intelligence agency, the GRU (that’s “Main Directorate,” not “Grumpy Rogers Unit,” although they might qualify on some days).

The Great WiFi Heist

In 2018, the GRU decided that hiding in plain sight wasn’t quite cutting it and opted for good old-fashioned subterfuge. Picture this: spies parked in a car, antenna arcing like a hidden ninja ready to steal signals. This was their attempt to infiltrate the WiFi network belonging to the Organization for the Prohibition of Chemical Weapons (OPCW) in The Hague. Now, there’s something absurdly cartoonish about a bunch of spies sitting in a car like teenagers at a cinema, all to swipe WiFi. Makes you wonder if they had popcorn.

Of course, their tunnel vision came at a price — they were caught red-handed! And you thought getting caught using your mate’s Netflix account was embarrassing. These guys had their fancy gadgets confiscated like they were toys from a 12-year-old’s birthday party.

From Car to Laptop: A Tale of Tech Evolution

Skip ahead to 2022, and it seems like the GRU got a glow-up. They moved from the “sitting-in-a-car” approach to hacking from a neighboring building. Cybersecurity researcher Steven Adair dropped the juicy tidbit about how the infamous hacking group known as APT28 decided to play a round of “WiFi WiFi, Who’s Got the WiFi?” Adair, speaking at the Cyberwarcon security conference, revealed how the hackers tapped into a local network before redirecting their malevolent intentions across the street.

Picture that: a laptop connected to Ethernet, while the hacker activates WiFi like it’s some sort of technological magic trick. “Ta da! I’m in your network but technically not in your building!” Adair seemed as baffled as we would be if we found out our grandma was on TikTok.

Intelligence? More Like Inteligent-Oh No You Didn’t

But wait, there’s more! According to Adair, this wasn’t just a local prank; the object of the hack was juicy intelligence about Ukraine — right before the country hit global headlines in early 2022. It’s a classic case of “always be prepared” …and have your WiFi secured, folks! It’s ever so clear that while most of us are worried about buffering during our binge-watching marathons, these guys are worried about buffering their grand schemes in international espionage.

So there you have it! A motley crew of digital mischief-makers using WiFi like it’s a coveted pass at a theme park, all to gather intelligence on a geopolitical situation. Makes your tech troubles feel like child’s play, right? Just don’t forget to change that default router password!

Stay tuned for more insights from the shadowy world of hacking and espionage — and remember, some of us are still trying to figure out who actually eats all the snacks at the cyber party!


To breach a network, hackers often employ a variety of sophisticated tactics, especially when physical proximity to the target is required for access. This necessitates a careful, strategic approach that often involves extensive planning and execution.

One notable incident involved spies from the Russian intelligence agency GRU, who were apprehended in The Hague, Netherlands, in 2018. These operatives concealed themselves in a vehicle parked discreetly on the roadside, which was equipped with a specialized antenna located in the trunk. Their target during this operation was the WiFi network of the Organization for the Prohibition of Chemical Weapons, highlighting their intent to gather sensitive information related to international disarmament efforts.

This covert operation was a reaction to the investigations surrounding the assassination of GRU defector Sergei Skripal. As a result, several members of the notorious APT28 were arrested, and authorities confiscated their high-tech gear, marking a significant blow to Russian cyber espionage efforts in that region.

Since that high-profile incident, the GRU appears to have adapted its methods by employing even more advanced technology. They have reportedly turned to utilizing the WiFi network of adjacent office buildings to execute their cyber intrusions, showcasing a shift towards more subtle and less detectable tactics.

This shift in strategy was elucidated by cyber security expert Steven Adair during his presentation at the Cyberwarcon security conference held in Arlington, Virginia, where he discussed his findings from investigating numerous cyber attacks that targeted clients in Washington in 2022.

The cyber assault was attributed to Fancy Bear, also recognized as APT28 and Unit 26165, a notorious hacking collective operated by the GRU. This group is infamous for its various high-profile operations, including the breach of the Democratic National Committee’s systems during the 2016 U.S. presidential election.

What set the 2022 operation apart was APT28’s innovative approach to hacking by infiltrating the WiFi network of a nearby building to access its intended target, as reported by detikINET and Wired.

Initially, Volexity identified the intrusion as originating from a WiFi access point at the far end of the building. Consequently, Adair conducted an extensive search of the premises to pinpoint the source of the attack.

In his investigation, Adair meticulously examined various devices, from smart TVs and printers to locations such as restrooms and parking lots. The team could not locate the origin of the intrusion until further analysis pointed to a domain controlled by a company in the adjacent building.

The investigation revealed that the hacker had compromised a laptop within that building, which was connected to the local network via Ethernet. The hacker had then activated the WiFi function as a relaying mechanism to infiltrate the target’s network situated across the street.
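The relay described above (a laptop wired into one organisation's LAN whose WiFi adapter is then brought up to reach a neighbour's network) is a condition a defender can look for in endpoint telemetry: a host that is simultaneously on the wired network and associated with an SSID the organisation does not own. The following detector is an added example written for this page; it is not Volexity's tooling nor code from the original report. The event format, field names, host names and SSIDs are all constructed assumptions for illustration.

```python
"""Flag wired hosts that associate with a non-corporate WiFi network.

Added example for this page (not the original article's code). The JSON-lines
telemetry below is constructed sample data; field names ("host", "iface",
"event", "ssid") are assumptions about what an endpoint agent might emit.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample telemetry: one finance laptop (FIN-LT-07) is on Ethernet,
# briefly joins the corporate SSID, then joins a neighbour's SSID while still
# wired. A second laptop (HR-LT-02) joins the neighbour's SSID without a wire.
SAMPLE_EVENTS = """\
{"ts":"2022-01-10T02:14:05Z","host":"FIN-LT-07","iface":"eth0","event":"link_up"}
{"ts":"2022-01-10T02:15:40Z","host":"FIN-LT-07","iface":"wlan0","event":"wifi_assoc","ssid":"ACME-CORP"}
{"ts":"2022-01-10T02:20:11Z","host":"FIN-LT-07","iface":"wlan0","event":"wifi_disassoc"}
{"ts":"2022-01-10T02:21:03Z","host":"FIN-LT-07","iface":"wlan0","event":"wifi_assoc","ssid":"NEIGHBOUR-OFFICE"}
{"ts":"2022-01-10T02:30:45Z","host":"HR-LT-02","iface":"wlan0","event":"wifi_assoc","ssid":"NEIGHBOUR-OFFICE"}
{"ts":"2022-01-10T03:02:19Z","host":"FIN-LT-07","iface":"eth0","event":"link_down"}
"""

# SSIDs the organisation operates (assumed allowlist for the example).
ALLOWED_SSIDS = {"ACME-CORP", "ACME-GUEST"}


@dataclass
class HostState:
    """Per-host view of the two interfaces we care about."""
    wired_up: bool = False
    ssid: Optional[str] = None  # currently associated SSID, if any


def detect_wifi_bridges(jsonl: str, allowed_ssids=ALLOWED_SSIDS) -> List[dict]:
    """Replay endpoint events in order and return alerts.

    Severity "high": the host has an active wired link AND is associated with
    an SSID outside the allowlist (the dual-homed relay pattern).
    Severity "low": associated with a foreign SSID but with no wired link
    (worth noting, but it is not bridging the LAN).
    Alerts are only raised on the events that can create the condition
    (wifi_assoc, link_up), so a persisting state is not reported repeatedly.
    """
    state: Dict[str, HostState] = {}
    alerts: List[dict] = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        st = state.setdefault(ev["host"], HostState())
        kind = ev["event"]
        if kind == "link_up":
            st.wired_up = True
        elif kind == "link_down":
            st.wired_up = False
        elif kind == "wifi_assoc":
            st.ssid = ev.get("ssid")
        elif kind == "wifi_disassoc":
            st.ssid = None
        else:
            continue  # unknown event type: ignore rather than fail

        if kind in ("wifi_assoc", "link_up") and st.ssid and st.ssid not in allowed_ssids:
            alerts.append({
                "ts": ev["ts"],
                "host": ev["host"],
                "ssid": st.ssid,
                "severity": "high" if st.wired_up else "low",
                "reason": ("wired host associated with non-corporate SSID"
                           if st.wired_up else "host associated with non-corporate SSID"),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_wifi_bridges(SAMPLE_EVENTS):
        print(f'{a["ts"]} {a["severity"]:<4} {a["host"]:<10} {a["ssid"]:<18} {a["reason"]}')
```

Run against the sample, the detector raises a high-severity alert for FIN-LT-07 (wired and on NEIGHBOUR-OFFICE at the same time) and a low-severity one for HR-LT-02. In a real deployment the allowlist would come from the wireless controller, and a high alert is a good trigger to pull the host's process and connection history, since a dual-homed laptop is exactly the foothold the article describes.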

This case marked an unprecedented instance where a remote attacker targeted an organization located close to a desired target, subsequently redirecting their assault via WiFi, a tactic previously unseen in the cybersecurity landscape, according to Adair.

The intelligence sought by APT28 in this incursion included critical data regarding Ukraine. This timing is significant, as the attack occurred just one month prior to Russia’s full-scale invasion of Ukraine in February 2022, indicating a calculated move to gather vital intelligence in the lead-up to hostilities.


What were the tactics used by the GRU in the 2016 hacking of the Democratic National Committee?

The hacking of the Democratic National Committee in 2016 drew considerable media attention and condemnation from the international community.

Adair explained that in this particular incident, the attackers managed to compromise a WiFi access point in a nearby building. By doing so, they were able to launch their attack on a target organization located just across the street. This marked a significant evolution in GRU tactics, as they displayed an ability to leverage proximate networks in creative ways to bypass traditional barriers to entry.

The investigation revealed that the hackers had infiltrated a laptop connected to the local Ethernet network of the building they breached. This laptop was then used as a launching pad; the perpetrator activated its WiFi capabilities to relay signals into the target’s network, effectively creating a stealthy bridge. Adair noted, “This is the first case we have handled where a remote perpetrator hacked another organization in America that was located close to the intended target, then redirected the attack via WiFi to the target’s network across the street.”

The intelligence that APT28 sought in this operation was related to Ukraine, which further underscores the geopolitical tensions that were escalating at the time, particularly in the run-up to Russia’s invasion of Ukraine in February 2022. The timing of the cyber intrusion suggests a calculated effort to gather vital information that could inform Russian strategic objectives.

This incident highlights not only the evolving nature of cyber threats but also the lengths to which state-sponsored actors will go to secure sensitive information. As the GRU adapts its tactics, it raises pressing questions about cybersecurity measures and the importance of maintaining robust defenses against unconventional and asymmetric methods of attack. It serves as a stark reminder that in the game of espionage, the boundaries of conventional warfare are constantly being tested, and the digital landscape is just as crucial a battlefield as any physical space.
