Hackers breach Wi-Fi network of U.S. firm from Russia — daisy chain attack jumps from network to network to gain access from thousands of miles away


Russian hackers compromised the Wi-Fi network of an organization located in the U.S. without ever coming into radio range of it. They did so by hopping from one Wi-Fi network to the next until they reached their intended target. Cybersecurity firm Volexity detailed the attack on its blog after discovering suspicious activity on the computers of a client (Company A).

The hackers reached their target by first compromising the network of a neighboring firm (Company B). They then searched Company B's network for a machine that was plugged into it via Ethernet but also had a Wi-Fi adapter, and used that dual-homed host as a bridge to join Company A's wireless network. A second chain went one hop further: the attackers penetrated a third company (Company C), used one of its dual-homed machines to connect to Company B's Wi-Fi, and from Company B went on to Company A.
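The pivot described above leaves a trace on the bridging host itself: a machine with a wired uplink joins a wireless network it has no business being on. The following is an added example, not code from the article or from Volexity, of a small detection that flags exactly that. It assumes a hypothetical pipe-delimited export of Windows WLAN-AutoConfig events (event ID 8001 is the "successfully connected to a wireless network" event), a hypothetical inventory of wired hosts, and an allowlist of the organization's own SSIDs; all records are constructed.

```python
"""Flag dual-homed hosts that join a wireless network outside the corporate SSID set.

Added example, not from the Volexity report or the article. The record format
mimics Microsoft-Windows-WLAN-AutoConfig/Operational event 8001 (successful
connection) as 'host|timestamp|event_id|ssid', but every record is constructed.
"""
from dataclasses import dataclass
from typing import Iterable

# Hypothetical inventory: hosts known to have an active wired (Ethernet) uplink.
WIRED_HOSTS = {"WS-FIN-07", "WS-ENG-12", "LAPTOP-22"}

# SSIDs the organization operates. A wired host joining anything else is suspicious.
CORPORATE_SSIDS = {"CompanyB-Corp", "CompanyB-Guest"}

WLAN_CONNECTED_EVENT = 8001  # WLAN-AutoConfig: successfully connected to a wireless network


@dataclass(frozen=True)
class WlanEvent:
    host: str
    timestamp: str
    event_id: int
    ssid: str


def parse_events(lines: Iterable[str]) -> list[WlanEvent]:
    """Parse 'host|timestamp|event_id|ssid' lines; malformed lines are skipped."""
    events = []
    for line in lines:
        parts = line.strip().split("|")
        if len(parts) != 4:
            continue
        host, ts, eid, ssid = parts
        try:
            events.append(WlanEvent(host, ts, int(eid), ssid))
        except ValueError:
            continue
    return events


def find_bridging_hosts(events, wired_hosts=WIRED_HOSTS, corp_ssids=CORPORATE_SSIDS):
    """Return (host, ssid, timestamp) for every wired host that joined a non-corporate SSID.

    Only connection events are considered; disconnects and other IDs are ignored.
    Hosts absent from the wired inventory are never flagged, so the inventory
    must be kept current or the detection silently misses them.
    """
    hits = []
    for ev in events:
        if ev.event_id != WLAN_CONNECTED_EVENT:
            continue
        if ev.host in wired_hosts and ev.ssid not in corp_ssids:
            hits.append((ev.host, ev.ssid, ev.timestamp))
    return hits


# Constructed sample export; the second line is the pivot a defender wants to see.
SAMPLE_LOG = """\
WS-FIN-07|2024-02-12T02:14:09Z|8001|CompanyB-Corp
WS-ENG-12|2024-02-12T02:31:55Z|8001|CompanyA-Wireless
LAPTOP-22|2024-02-12T09:02:11Z|8003|CompanyB-Corp
LAPTOP-22|2024-02-12T09:05:40Z|8001|CompanyB-Guest
MOBILE-04|2024-02-12T10:10:00Z|8001|CompanyA-Wireless
malformed line
""".splitlines()

if __name__ == "__main__":
    for host, ssid, ts in find_bridging_hosts(parse_events(SAMPLE_LOG)):
        print(f"{ts} {host} joined non-corporate SSID {ssid!r} while on the wired LAN")
```

In the sample, only WS-ENG-12 is reported: WS-FIN-07 and LAPTOP-22 join the organization's own SSIDs, and MOBILE-04 joins a neighbor's network but is not in the wired inventory, which is the blind spot to keep in mind when deploying a check like this.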

Attacks on Wi-Fi networks have been around for years; one operation in 2018 made the news after Russian operatives were caught attempting to get into the wireless network of the Organisation for the Prohibition of Chemical Weapons in The Hague using equipment in the trunk of a car. However, this kind of daisy-chain attack, which Volexity calls a "nearest neighbor attack", in which the attackers hop through one or two other organizations' networks to compromise a third, had not been seen before. The discovery complicates defense, because the networks (both wired and wireless) of every organization within radio range of your Wi-Fi access points now count as part of your attack surface.

Aside from that, this kind of remote skullduggery protects the attacker, who no longer needs to be physically near the target to reach its wireless network. It also makes attribution harder, as the chain of intermediate networks and devices obscures where the intrusion actually started.

Some expert recommendations to help mitigate these kinds of attacks include: limiting the range of wireless access points to the immediate vicinity of the premises, hiding SSID names, and making multifactor authentication mandatory for Wi-Fi access. Two caveats apply. A hidden SSID is at best a speed bump, since the name is still sent in probe and association frames and is recovered by any passive sniffer, so it should not be counted as an access control. And "MFA on Wi-Fi" in practice means certificate-based or otherwise device-bound authentication (for example EAP-TLS under 802.1X), since a plain password over WPA2-Enterprise is exactly the single factor the attackers exploited.

The average user does not need to worry about this type of attack, though, as it is an intensive and sophisticated method used by nation-state actors. The closest thing to truly securing a network or device in this day and age is to air-gap it. But even then, researchers have demonstrated exfiltration from air-gapped systems over the electromagnetic emissions of RAM modules, for example.

Jowi Morales
Contributing Writer

Jowi Morales is a tech enthusiast with years of experience working in the industry. He’s been writing with several tech publications since 2021, where he’s been interested in tech hardware and consumer electronics.

  • kjfatl
    I'm not a fan of useless government regulations. That said, all civilized nations should require a minimal level of security on wired and wireless networks. If any device does not meet this security level, it should not be recognized by the network. Practical implementation of this is not a trivial matter, but it can be done without affecting usability of the network. In fact, it is likely to improve network performance.
    Reply
  • nrdwka
    kjfatl said:
    I'm not a fan of useless government regulations. That said, all civilized nations should require a minimal level of security on wired and wireless networks. If any device does not meet this security level, it should not be recognized by the network. Practical implementation of this is not a trivial matter, but it can be done without affecting usability of the network. In fact, it is likely to improve network performance.
    The issue can be EoL devices (as in the recent Dlink breach).
    There is a high number of not-up-to-date or EoL WiFi points around, and it is beyond reasonable expectation to have them all updated and, especially, replaced.
    Reply
  • jp7189
    kjfatl said:
    I'm not a fan of useless government regulations. That said, all civilized nations should require a minimal level of security on wired and wireless networks. If any device does not meet this security level, it should not be recognized by the network. Practical implementation of this is not a trivial matter, but it can be done without affecting usability of the network. In fact, it is likely to improve network performance.
    To protect against this you have to do multi-factor on WiFi, which basically means per-device or per-user certs, which requires a PKI and an automated method of managing said certs. This is not trivial for many small companies.
    Reply