zCat on Nostr: Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack': Russian ...
Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack':
Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack."
The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range.
The attack was discovered on February 4, 2022, when cybersecurity company Volexity detected a server compromise at a customer site in Washington, DC that was doing Ukrainian-related work.
See more:
https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/
#cybersecurity #nearestneighbor
Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack."
The threat actor pivoted to the target after first compromising an organization in a nearby building within the WiFi range.
The attack was discovered on February 4, 2022, when cybersecurity company Volexity detected a server compromise at a customer site in Washington, DC that was doing Ukrainian-related work.
See more:
https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/
#cybersecurity #nearestneighbor
quoting nevent1q…sh8aRussian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia
Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe.
Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The hacking crew has been active since at least 2021.
"Using custom malware tools HATVIBE and CHERRYSPY, TAG-110 primarily attacks government entities, human rights groups, and educational institutions," the cybersecurity company said in a Thursday report. "HATVIBE functions as a loader to deploy CHERRYSPY, a Python backdoor used for data exfiltration and espionage."
See more: https://thehackernews.com/2024/11/russian-hackers-deploy-hatvibe-and.html
#cybersecurity #malware