There’s a new attack in town, the nearest neighbor attack

Hello gang,

I know I saw this on Mastodon today, with it being 4 days old, and I also saw it on Bleeping Computer.

The attack they’re talking about dates back to early 2022. A threat group wanted onto a particular organization’s network but was an ocean away, so instead of attacking it head-on they compromised an organization in a nearby building, found a machine there that had both a wired connection and a Wi-Fi adapter, and used that machine’s Wi-Fi to reach the target’s wireless network from across the street.

This is a reminder that strong passwords are a must, but it is just as much a reminder about MFA. The credentials the attackers used were obtained by password-spraying the target’s internet-facing services. MFA stopped them from using those credentials on the internet-facing services, but the enterprise Wi-Fi accepted the same username and password with no second factor. Without a guessable password, the building next door would have done them no good, and with MFA on the Wi-Fi, the guessed password would have done them no good either.

This type of attack is clever, and it passes my “sophisticated” smell test: nobody had to be physically present near the target, and nobody inside the target had to be tricked into doing anything.

Volexity first reported on this, and others have picked this up.

The threat group in question breached multiple organizations through this method, can you name the threat actor involved?

At the time of the 2022 investigation, the activity could not be confidently attributed. A Microsoft report in April 2024 on the same actor’s tooling let Volexity tie this sophisticated attack to a known group.

If you guessed APT28, Fancy Bear, Forest Blizzard or Sofacy, you are correct. Volexity tracks the group under its own name, GruesomeLarch.

We’ve covered Fancy Bear for quite a while, and this doesn’t necessarily surprise me.

Speaking of Fancy Bear, did you read the book by the same name? We did, and we’ve talked about it through TSB in the past. Find it on our resources through EMHS.

Neighbor (source Volexity)

The image illustrates a “Nearest Neighbor Attack.” It shows a map with a hacker icon connecting to a building highlighted in a circle. Inside the circle, there are icons representing VPN and camera targets. The text explains that an attacker compromises infrastructure near a target, identifies a dual-homed system, enables Wi-Fi, and uses compromised credentials to connect to the target’s network. This suggests a cyber attack method targeting nearby networks.
The JRN asked Picture Smart what the text in the image said. Here is its response, in quotes.

The text in the image reads:

“Nearest Neighbor Attack

Attacker compromises infrastructure in physical proximity to target of interest.
A dual-homed system is identified and attacker enables Wi-Fi.
Attacker uses compromised credentials to connect into the network of actual intended target.”
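The three steps above leave a pattern in authentication logs that a defender can hunt for: a password accepted but stopped by MFA on an internet-facing service (the tail end of a password spray), followed by a successful Wi-Fi logon for the same account, where no MFA was required. The script below is an added example written for this post, not code from Volexity or from the original report. The log format, the service names (`vpn`, `owa`, `wifi`), the thresholds and all of the log lines are constructed for illustration.

```python
"""Toy detection for the credential-reuse pattern in the Nearest Neighbor Attack.

Pattern: an attacker password-sprays an internet-facing service, lands a valid
password, is stopped by MFA there, then reuses the same username/password on
the enterprise Wi-Fi (no MFA) from a dual-homed host in a nearby building.

The log format and every line in SAMPLE_LOG are constructed for this example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, service, user, outcome, source.
# outcome "mfa_denied" means the password was correct but the second factor
# was not satisfied; "failed" means the password itself was wrong.
SAMPLE_LOG = """\
2022-02-04T01:10:02Z vpn   jdoe     failed      198.51.100.7
2022-02-04T01:10:03Z vpn   asmith   failed      198.51.100.7
2022-02-04T01:10:04Z vpn   bjones   failed      198.51.100.7
2022-02-04T01:10:05Z vpn   clee     mfa_denied  198.51.100.7
2022-02-04T01:10:06Z vpn   dwang    failed      198.51.100.7
2022-02-04T01:12:30Z vpn   clee     mfa_denied  198.51.100.7
2022-02-04T03:41:15Z wifi  clee     success     aa:bb:cc:dd:ee:01
2022-02-04T09:02:11Z vpn   asmith   success     203.0.113.9
2022-02-04T09:05:40Z wifi  asmith   success     aa:bb:cc:dd:ee:02
"""

INTERNET_FACING = {"vpn", "owa"}    # services where MFA is enforced (assumed)
SPRAY_THRESHOLD = 4                 # distinct accounts failing from one source
REUSE_WINDOW = timedelta(hours=12)  # how long after an MFA denial we watch Wi-Fi


def parse(log_text):
    """Parse the constructed log format into dicts, oldest event first."""
    events = []
    for line in log_text.splitlines():
        ts, service, user, outcome, src = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "service": service,
            "user": user,
            "outcome": outcome,
            "src": src,
        })
    return sorted(events, key=lambda e: e["ts"])


def spray_sources(events):
    """Sources that produced failures against many distinct accounts.

    A single source touching SPRAY_THRESHOLD or more accounts is treated as a
    password-spray origin; mfa_denied counts too, because a spray that guesses
    right still shows up as a denial when MFA is enforced.
    """
    users_by_src = defaultdict(set)
    for e in events:
        if e["service"] in INTERNET_FACING and e["outcome"] in ("failed", "mfa_denied"):
            users_by_src[e["src"]].add(e["user"])
    return {src for src, users in users_by_src.items() if len(users) >= SPRAY_THRESHOLD}


def mfa_bypass_via_wifi(events):
    """Accounts whose password was accepted but MFA-denied from a spray source,
    then used successfully on Wi-Fi within REUSE_WINDOW.

    Returns a list of (user, wifi_client_source, wifi_logon_time) tuples.
    """
    sprayers = spray_sources(events)
    denied_at = {}  # user -> time of the latest MFA denial from a spray source
    hits = []
    for e in events:
        if (e["service"] in INTERNET_FACING and e["outcome"] == "mfa_denied"
                and e["src"] in sprayers):
            denied_at[e["user"]] = e["ts"]
        elif e["service"] == "wifi" and e["outcome"] == "success":
            denied = denied_at.get(e["user"])
            if denied is not None and e["ts"] - denied <= REUSE_WINDOW:
                hits.append((e["user"], e["src"], e["ts"]))
    return hits


if __name__ == "__main__":
    for user, client, when in mfa_bypass_via_wifi(parse(SAMPLE_LOG)):
        print(f"{when.isoformat()} {user} reached Wi-Fi from {client} "
              f"after MFA blocked the same password on an internet-facing service")
```

In the constructed sample, `clee` is the only hit: the account was MFA-denied during a spray from 198.51.100.7 and then logged onto Wi-Fi two and a half hours later. `asmith` also failed during the spray, but the later VPN logon succeeded (password and MFA) from a different source, so the Wi-Fi logon is treated as normal. Requiring the MFA denial to come from a spray source is what keeps an ordinary user who fumbled their token and then walked into the office from tripping the rule; drop that condition if you would rather review those too.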

For complete details on the research to identify who was responsible and what the research found, please read Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’ and stay safe out there!
