Russian hackers are attacking innocent companies to get access to their neighbors

• Russia’s APT28 cyber-espionage group linked to ‘Nearest Neighbor Attack’
• Victim’s Wi-Fi network was protected, but its neighbor’s wasn’t
• Timing aligns with Russia’s invasion of Ukraine in 2022

Russian cyber-espionage group APT28, also known as Fancy Bear, was able to breach an American company’s network by leveraging a ‘Nearest Neighbor Attack’ exploiting nearby Wi-Fi networks.

First identified by cybersecurity firm Volexity in February 2022, the attack raises new concerns about vulnerabilities in corporate Wi-Fi system.

In this case, APT28, tracked by Volexity as ‘GruesomeLarch,’ targeted a US organization engaged in Ukrainian-related projects, hence the nation-state’s interest in the firm.

‘nearest neighbour attacks’

The attack on the unnamed US company – a customer of Volexity’s whose identity has been protected – started with password-spraying to acquire credentials for the victim’s enterprise Wi-Fi network. The firm’s multi-factor authentication protected its public-facing systems however the hackers ...