In a first, Russia’s APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
Determined hackers, sitting in a car outside a target’s building and using radio equipment to breach its Wi-Fi network has long been an effective but risky technique. These risks became all too clear when spies working for Russia’s GRU military intelligence agency were caught red-handed on a city street in the Netherlands in 2018 using an antenna hidden in their car’s trunk to try to hack into the Wi-Fi of the Organization for the Prohibition of Chemical Weapons.
Since that incident, however, that same unit of Russian military hackers appears to have developed a new and far safer Wi-Fi hacking technique: Instead of venturing into radio range of their target, they found another vulnerable network in a building across the street, remotely hacked into a laptop in that neighboring building, and used that computer’s antenna to break into the Wi-Fi network of their intended victim—a radio-hacking trick that never even required leaving Russian soil.
At the Cyberwarcon security conference in Arlington, Virginia, today, cybersecurity researcher Steven Adair will reveal how his firm, Volexity, discovered that unprecedented Wi-Fi hacking technique—what the firm is calling a “nearest neighbor attack”—while investigating a network breach targeting a customer in Washington, DC, in 2022.
Volexity, which declined to name its DC customer, has since tied the breach to the Russian hacker group known as Fancy Bear, APT28, or Unit 26165. Part of Russia’s GRU military intelligence agency, the group has been involved in notorious cases ranging from the breach of the Democratic National Committee in 2016 to the botched Wi-Fi hacking operation in which four of its members were arrested in the Netherlands in 2018.