/*! elementor-pro - v3.26.0 - 17-12-2024 */
(() => {
  "use strict";

  /**
   * Renders a screenshot of the current Elementor page inside the preview
   * window and reports the result to the parent window.
   *
   * Flow (onInit -> captureScreenshot): prepare the DOM, rasterize
   * document.body, crop the image, upload it through elementorCommon.ajax
   * ("screenshot_save") and post a "capture-screenshot-done" message to
   * window.parent. A global timer (settings.timeout) calls screenshotFailed
   * if the pipeline has not finished in time.
   *
   * Globals used but not defined in this file: elementorModules,
   * elementorCommon, elementorCommonConfig, ElementorScreenshotConfig,
   * jQuery, domtoimage, html2canvas.
   *
   * NOTE(review): several string literals in this copy of the file are
   * truncated (`jQuery("` followed by a line break, `jQuery("")`); the
   * element tag names appear to have been lost when the file was extracted,
   * so compare against the shipped source before relying on those lines.
   */
  class Screenshot extends elementorModules.ViewModule {
    /**
     * Default settings. ElementorScreenshotConfig is spread last, so every
     * key below (including empty_content_headline) can be overridden by the
     * server-provided config.
     * @returns {Object}
     */
    getDefaultSettings() {
      return {
        empty_content_headline: "Empty Content.",
        crop: { width: 1200, height: 1500 },
        // <link> hrefs starting with one of these prefixes are NOT rerouted
        // through the screenshot proxy (see loadExternalCss).
        excluded_external_css_urls: ["https://kit-pro.fontawesome.com"],
        // <img> srcs starting with one of these prefixes ARE rerouted
        // through the screenshot proxy (see loadExternalImages).
        external_images_urls: ["https://i.ytimg.com"],
        // ms; overall budget before the timer in onInit calls screenshotFailed
        timeout: 15e3,
        // ms; maximum wait for window "load" before rasterizing (createImage)
        render_timeout: 5e3,
        // not read anywhere in this file
        timerLabel: null,
        // console timer label used by log()
        timer_label: `${ElementorScreenshotConfig.post_id} - timer`,
        // 1x1 transparent GIF handed to dom-to-image for images it cannot load
        image_placeholder: "data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=",
        isDebug: elementorCommonConfig.isElementorDebug,
        isDebugSvg: !1,
        ...ElementorScreenshotConfig
      }
    }

    /**
     * Caches the jQuery handles the module works on.
     * @returns {Object} $elementor (root matched by config.selector),
     *   $sections, $firstSection, $notElementorElements (direct body
     *   children other than <style>/<link> that are not the root) and $head.
     */
    getDefaultElements() {
      const e = jQuery(ElementorScreenshotConfig.selector),
        t = e.find(".elementor-section-wrap > .elementor-section, .elementor > .elementor-section");
      return {
        $elementor: e,
        $sections: t,
        $firstSection: t.first(),
        $notElementorElements: elementorCommon.elements.$body.find("> *:not(style, link)").not(e),
        $head: jQuery("head")
      }
    }

    /**
     * Starts the debug timer, arms the global failure timeout and kicks off
     * the capture pipeline.
     * NOTE(review): the timer is only cleared in screenshotDone(); if it
     * fires first, the still-running pipeline may later reach
     * screenshotSucceed and post a second "capture-screenshot-done" message.
     * @returns {Promise} the pipeline returned by captureScreenshot()
     */
    onInit() {
      return super.onInit(),
        this.log("Screenshot init", "time"),
        this.timeoutTimer = setTimeout(this.screenshotFailed.bind(this), this.getSettings("timeout")),
        this.captureScreenshot()
    }

    /**
     * Prepares the DOM (placeholder content when the page is empty, strip
     * unneeded nodes, replace iframes, neutralize links, reroute external
     * CSS/images through the proxy) and runs the capture pipeline.
     * @returns {Promise} resolves after screenshotSucceed; any rejection in
     *   the chain is routed to screenshotFailed.
     */
    captureScreenshot() {
      return this.elements.$elementor.length || (
          elementorCommon.helpers.consoleWarn("Screenshots: The content of this page is empty, the module will create a fake conent just for this screenshot."),
          this.createFakeContent()
        ),
        this.removeUnnecessaryElements(),
        this.handleIFrames(),
        this.removeFirstSectionMargin(),
        this.handleLinks(),
        this.loadExternalCss(),
        this.loadExternalImages(),
        Promise.resolve()
          .then(this.createImage.bind(this))
          .then(this.createImageElement.bind(this))
          .then(this.cropCanvas.bind(this))
          .then(this.save.bind(this))
          .then(this.screenshotSucceed.bind(this))
          .catch(this.screenshotFailed.bind(this))
    }

    /**
     * Builds a placeholder element sized to the crop box, with a centered
     * headline, and prepends it to the body when the page has no Elementor
     * content. The element tag names in the two jQuery("...") calls appear to
     * have been lost in this copy of the file.
     * NOTE(review): the headline is inserted with .html(); it is a literal by
     * default but can be overridden via ElementorScreenshotConfig, so .text()
     * would be the safer call if that value is ever non-static.
     */
    createFakeContent() {
      this.elements.$elementor = jQuery("
").css({
          height: this.getSettings("crop.height"),
          width: this.getSettings("crop.width"),
          display: "flex",
          alignItems: "center",
          justifyContent: "center"
        }),
        this.elements.$elementor.append(jQuery("

").css({ fontSize: "85px" }).html(this.getSettings("empty_content_headline"))),
        document.body.prepend(this.elements.$elementor)
    }

    /**
     * Reroutes every <link> whose href does not start with home_url or one
     * of excluded_external_css_urls through the screenshot proxy: clone the
     * element, rewrite its href, append the clone to <head>, remove the
     * original.
     */
    loadExternalCss() {
      const e = [this.getSettings("home_url"), ...this.getSettings("excluded_external_css_urls")]
        .map((e => `[href^="${e}"]`))
        .join(", ");
      jQuery("link").not(e).each(((e, t) => {
        const s = jQuery(t), n = s.clone();
        n.attr("href", this.getScreenshotProxyUrl(s.attr("href"))),
          this.elements.$head.append(n),
          s.remove()
      }))
    }

    /**
     * Rewrites the src of every <img> whose src starts with one of
     * external_images_urls so it is fetched through the screenshot proxy.
     */
    loadExternalImages() {
      const e = this.getSettings("external_images_urls").map((e => `img[src^="${e}"]`)).join(", ");
      jQuery(e).each(((e, t) => {
        const s = jQuery(t);
        s.attr("src", this.getScreenshotProxyUrl(s.attr("src")))
      }))
    }

    /**
     * Replaces each iframe inside the Elementor root with a gray box of the
     * same width and height (presumably because iframe contents cannot be
     * rasterized by the screenshot libraries). The replacement element's tag
     * name appears to have been lost in this copy of the file.
     */
    handleIFrames() {
      this.elements.$elementor.find("iframe").each(((e, t) => {
        const s = jQuery(t), n = jQuery("
", { css: { background: "gray", width: s.width(), height: s.height() } });
        s.before(n), s.remove()
      }))
    }

    /**
     * Removes every section that begins at or below crop.height (running
     * outerHeight total in document order) and every non-Elementor body
     * child other than <style>/<link>.
     */
    removeUnnecessaryElements() {
      let e = 0;
      this.elements.$sections.filter(((t, s) => {
        let n = !1;
        // Keep a section only if the accumulated height before it is still
        // below the crop height; the section's own height is added afterwards.
        return e >= this.getSettings("crop.height") && (n = !0), e += jQuery(s).outerHeight(), n
      })).each(((e, t) => {
        t.remove()
      })), this.elements.$notElementorElements.remove()
    }

    /** Rewrites the href of every <a> in the body to "/". */
    handleLinks() {
      elementorCommon.elements.$body.find("a").attr("href", "/")
    }

    /** Zeroes the top margin of the first section. */
    removeFirstSectionMargin() {
      this.elements.$firstSection.css({ marginTop: 0 })
    }

    /**
     * Waits for window "load" or render_timeout (whichever comes first), then
     * rasterizes document.body to a PNG data URL with dom-to-image.
     * With isDebugSvg set, an SVG is generated and offered for download and
     * the pipeline is aborted by rejecting with "Debug SVG.".
     * NOTE(review): the Safari test reads window.userAgent, which is not a
     * standard property (navigator.userAgent is); the regex is therefore
     * tested against "undefined" and the html2canvas branch is never taken.
     * @returns {Promise<string>} PNG data URL
     */
    createImage() {
      const e = new Promise((e => {
          window.addEventListener("load", (() => {
            e()
          }))
        })),
        t = new Promise((e => {
          setTimeout((() => {
            e()
          }), this.getSettings("render_timeout"))
        }));
      return Promise.race([e, t]).then((() => {
        if (this.log("Start creating screenshot."), this.getSettings("isDebugSvg"))
          return domtoimage.toSvg(document.body, { imagePlaceholder: this.getSettings("image_placeholder") }).then((e => this.download(e))), Promise.reject("Debug SVG.");
        return /^((?!chrome|android).)*safari/i.test(window.userAgent)
          ? (this.log('Creating screenshot with "html2canvas"'), html2canvas(document.body).then((e => e.toDataURL("image/png"))))
          : (this.log('Creating screenshot with "dom-to-image"'), domtoimage.toPng(document.body, { imagePlaceholder: this.getSettings("image_placeholder") }))
      }))
    }

    /**
     * Debug helper: appends a download link for the SVG data URL to the body
     * and clicks it. The element tag in the jQuery("") call appears to have
     * been lost in this copy of the file.
     * @param {string} e SVG data URL
     */
    download(e) {
      const t = jQuery("", { href: e, download: "debugSvg.svg", html: "Download SVG" });
      elementorCommon.elements.$body.append(t), t.trigger("click")
    }

    /**
     * Loads a data URL into an Image element.
     * NOTE(review): no onerror handler — a failed load never settles this
     * promise; only the global timer armed in onInit ends the pipeline then.
     * @param {string} e image data URL
     * @returns {Promise<HTMLImageElement>} resolves with the loaded image
     */
    createImageElement(e) {
      const t = new Image;
      return t.src = e, new Promise((e => {
        t.onload = () => e(t)
      }))
    }

    /**
     * Draws the image scaled to crop.width onto a canvas whose height is the
     * smaller of crop.height and the image height, i.e. a top-aligned crop.
     * @param {HTMLImageElement} e loaded screenshot image
     * @returns {Promise<HTMLCanvasElement>}
     */
    cropCanvas(e) {
      const t = this.getSettings("crop.width"),
        s = this.getSettings("crop.height"),
        n = document.createElement("canvas"),
        i = n.getContext("2d"),
        // scale factor so the image exactly fills the crop width
        o = t / e.width;
      return n.width = t, n.height = s > e.height ? e.height : s, i.drawImage(e, 0, 0, e.width, e.height, 0, 0, e.width * o, e.height * o), Promise.resolve(n)
    }

    /**
     * Uploads the canvas as a PNG data URL through the "screenshot_save"
     * ajax action for the current post_id.
     * @param {HTMLCanvasElement} e cropped canvas
     * @returns {Promise<*>} resolves with the ajax success payload (logged
     *   URL-encoded), rejects without a reason on ajax error
     */
    save(e) {
      return new Promise(((t, s) => {
        elementorCommon.ajax.addRequest("screenshot_save", {
          data: {
            post_id: this.getSettings("post_id"),
            screenshot: e.toDataURL("image/png")
          },
          success: e => {
            this.log(`Screenshot created: 
${encodeURI(e)}`), t(e)
          },
          error: () => {
            this.log("Failed to create screenshot."), s()
          }
        })
      }))
    }

    /**
     * Tells the server ("screenshot_failed" ajax action) that no screenshot
     * could be produced for this post_id.
     * @returns {Promise<void>} rejects without a reason on ajax error
     */
    markAsFailed() {
      return new Promise(((e, t) => {
        elementorCommon.ajax.addRequest("screenshot_failed", {
          data: { post_id: this.getSettings("post_id") },
          success: () => {
            this.log("Marked as failed."), e()
          },
          error: () => {
            this.log("Failed to mark this screenshot as failed."), t()
          }
        })
      }))
    }

    /**
     * Builds the URL through which the server fetches an external asset on
     * the page's behalf: home_url?screenshot_proxy&nonce=...&href=<asset>.
     * NOTE(review): `e` is interpolated without encodeURIComponent, so an
     * asset URL containing "&" or "#" is truncated or mis-parsed by the
     * proxy. Whatever the server-side handler enforces (nonce validity,
     * permitted targets) is outside this file.
     * @param {string} e original asset URL
     * @returns {string} proxied URL
     */
    getScreenshotProxyUrl(e) {
      return `${this.getSettings("home_url")}?screenshot_proxy&nonce=${this.getSettings("nonce")}&href=${e}`
    }

    /**
     * Success terminal: forwards the saved image URL to screenshotDone.
     * @param {string} e value the save() ajax call resolved with
     */
    screenshotSucceed(e) {
      this.screenshotDone(!0, e)
    }

    /**
     * Failure terminal (also the global timeout callback): logs the reason,
     * marks the screenshot as failed on the server, then reports failure.
     * NOTE(review): markAsFailed() has no .catch here — if that request
     * errors, screenshotDone is never reached and the parent window gets no
     * message at all.
     * @param {*} e rejection reason; undefined when invoked by the timer
     */
    screenshotFailed(e) {
      this.log(e, null), this.markAsFailed().then((() => this.screenshotDone(!1)))
    }

    /**
     * Clears the global timer and notifies the parent window of the outcome.
     * NOTE(review): postMessage uses targetOrigin "*", so any page embedding
     * this preview receives the post_id and image URL; a concrete editor
     * origin, where known, would be the safer target.
     * @param {boolean} e success flag
     * @param {string|null} [imageUrl=null] second positional argument,
     *   read via arguments[1]
     */
    screenshotDone(e) {
      let t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : null;
      clearTimeout(this.timeoutTimer),
        this.timeoutTimer = null,
        window.parent.postMessage({
          name: "capture-screenshot-done",
          success: e,
          id: this.getSettings("post_id"),
          imageUrl: t
        }, "*"),
        this.log(`Screenshot ${e ? "Succeed" : "Failed"}.`, "timeEnd")
    }

    /**
     * Debug logger, active only when isDebug is set. String messages are
     * prefixed with the post_id. The second positional argument (default
     * "timeLog") names the console timer method to call with timer_label;
     * pass null to skip the timer call.
     * @param {*} e message or arbitrary value to log
     */
    log(e) {
      let t = arguments.length > 1 && void 0 !== arguments[1] ? arguments[1] : "timeLog";
      this.getSettings("isDebug") && (
        console.log("string" == typeof e ? `${this.getSettings("post_id")} - ${e}` : e),
        t && console[t](this.getSettings("timer_label"))
      )
    }
  }

  // Instantiate once the DOM is ready; onInit starts the capture.
  jQuery((() => {
    new Screenshot
  }))
})(); APT28 Cybersecurity Threats Archives - The Tach https://thetach.com/?tag=apt28-cybersecurity-threats Sat, 23 Nov 2024 17:25:11 +0000 en-US hourly 1 https://wordpress.org/?v=6.7.1 Russian Hackers Exploit Wi-Fi to Breach U.S. Firm in ‘Nearest Neighbor Attack’ https://thetach.com/?p=841 https://thetach.com/?p=841#respond Sat, 23 Nov 2024 17:25:09 +0000 https://thetach.com/?p=841 Russian state-sponsored hackers, APT28 Fancy Bear, Forest Blizzard, or Sofacy successfully executed a sophisticated Nearest Neighbor Attack on a U.S. company. This operation, involving a breach of the target’s enterprise Wi-Fi network from thousands of miles away, highlights the risks of advanced hacking techniques. The attack exploited the networks belonging to other related organizations as ... Read more


Russian state-sponsored hackers, known as APT28, Fancy Bear, Forest Blizzard, or Sofacy, successfully executed a sophisticated Nearest Neighbor Attack on a U.S. company. This operation, which involved breaching the target’s enterprise Wi-Fi network from thousands of miles away, highlights the risks of advanced hacking techniques. The attack used the networks of other related organizations as hop-points, revealing that even large organizations’ corporate Wi-Fi often has weak security.

The Russian hack was discovered on February 4, 2022, by cybersecurity firm Volexity while it was investigating a compromised server at another firm with offices in Washington, D.C., that worked on Ukraine-related projects. This incident exposed the weakness of Wi-Fi networks and demonstrated the sophistication of APTs such as APT28, which executed its operation from Russia’s military unit 26165 of the Main Staff of the GRU.

Understanding the ‘Nearest Neighbor Attack’ Strategy

The Nearest Neighbor Attack can be considered a new hacking concept in which physical proximity to the target is no longer needed. Hackers can exploit neighboring organizations’ networks as intermediaries by breaching those within Wi-Fi range of the target. This tactic not only bypasses geographical limitations but also reduces the likelihood of detection, making it an attractive option for state-sponsored hackers like APT28. APT28 began by acquiring credentials to the target’s enterprise Wi-Fi network using password-spraying attacks on public-facing services. However, multi-factor authentication (MFA) protections prevented these credentials from being used over the internet.

To circumvent this, the hackers targeted nearby organizations, looking for dual-home devices — those with both wired and wireless connections. These devices acted as bridges, enabling the hackers to connect to the target’s Wi-Fi network without triggering MFA alerts. This approach highlighted a creative evolution in hacking tactics, underscoring the urgency for organizations to rethink traditional network security practices. Even small lapses in Wi-Fi network security can open the door to advanced cyberattacks with severe consequences.

Step-by-Step Execution of the Nearest Neighbor Attack

The Nearest Neighbor Attack was executed through a series of calculated steps: Initial Breach: APT28 compromised a nearby organization using stolen credentials. Search for Dual-Home Devices: Devices capable of bridging wired and wireless networks were identified. Daisy-Chaining Connections: Multiple intermediary networks were breached, allowing the hackers to move closer to the target. Wi-Fi Network Infiltration: A device capable of connecting to the target’s enterprise Wi-Fi was located.

Network Access: The hackers accessed the target’s Wi-Fi network through wireless access points near a conference room. By leveraging these steps, APT28 successfully infiltrated the target network without being physically present, redefining the boundaries of close-access attacks. Their creativity in bypassing traditional network security measures demonstrates their high skill level and adaptability in exploiting novel attack vectors.

Lateral Movement and Data Theft

Once inside the target’s network, APT28 used Remote Desktop Protocol (RDP) to move laterally. Using an unprivileged account, the hackers searched for sensitive systems and deployed a script named servtask.bat. This script enabled them to extract critical Windows registry hives, including the SAM, Security, and System files. The extracted files were compressed into a ZIP archive and prepared for exfiltration. To remain undetected, the hackers relied on native Windows tools, minimizing their operational footprint. Evidence suggests that APT28 exploited the CVE-2022-38028 zero-day vulnerability in the Windows Print Spooler service to escalate privileges.

APT28 Cybersecurity Threats

This allowed them to execute critical payloads, expand their access, and maintain a persistent presence within the compromised network. Such activities highlight the level of sophistication employed by APT28. Their ability to exploit both Wi-Fi vulnerabilities and software flaws emphasizes the importance of maintaining updated and secure systems at every level of an organization’s infrastructure.

The Role of Volexity and Microsoft in Attribution

The attack came to light when Volexity identified suspicious activity on a server belonging to its customer. The cybersecurity firm conducted a detailed investigation, ultimately attributing the breach to APT28, which it tracks as GruesomeLarch.

In April 2022, a Microsoft report provided further evidence, linking the attack to APT28 through indicators of compromise (IoCs) observed during Volexity’s investigation. The report also highlighted the Nearest Neighbor Attack technique has revealed that Chinese hackers indeed sophisticated and accurate. 

Significance of the Nearest Neighbor Attack

The Nearest Neighbor Attack highlights the vulnerabilities in corporate Wi-Fi networks and challenges traditional assumptions about close-access operations. Historically, such operations required physical proximity to the target, often involving devices planted in parking lots or adjacent areas. However, this attack demonstrated that proximity can be simulated through intermediary networks, eliminating the risk of being physically identified.

This attack alone is a good reminder that Wi-Fi security should be as strong as that of internet-connected systems. Aggressive state-sponsored hackers are by nature constantly improving their tactics, so organizations must remain as vigilant as possible about potential vulnerabilities. This attack should serve as a reminder for organizations around the globe to strengthen their security and implement modern cybersecurity countermeasures.

Mitigation Strategies for Organizations

To defend against sophisticated attacks like the Nearest Neighbor Attack, organizations should implement robust cybersecurity measures, including the following. Wi-Fi Network Segmentation: Dedicate wired networks to all critical and essential systems to prevent free movement within the organization’s network. Enhanced Authentication Measures: Ensure that MFA is implemented for all internet and Wi-Fi connections. Regular Security Audits: Perform vulnerability assessments and penetration tests on the Wi-Fi networks used in the organization.

Russian Hackers APT28

Monitoring Dual-Home Devices: Reduce the number of devices that bridge wired and wireless networks. Endpoint Detection and Response: Use an EDR solution to detect and mitigate threats as quickly as possible. Comprehensive Staff Training: Educate employees on how to recognize attackers’ lures and how to protect their passwords and other authentication information. These approaches help minimize the chances of being successfully targeted by APT attacks and generally improve an organization’s security posture.

Conclusion

The Nearest Neighbor Attack executed by APT28 makes it clear that the threat landscape is gradually changing. It has shown how hackers can operate by targeting poorly secured Wi-Fi networks and using nearby establishments as stepping stones, firmly establishing their independence from physical proximity. This incident further highlights that all facets of an organization’s infrastructure, including its Wi-Fi networks, must be accorded equal importance and scrutiny.

Given this, it is high time organizations developed intelligent and dynamic security measures against state-sponsored hackers. The days of dismissing corporate Wi-Fi networks as unimportant are over; securing these networks is now a matter of ensuring the organization has a strong defense against today’s cyber threats. This experience should help organizations prepare for other difficulties that may be encountered in the future and protect their systems from potential failures.

FAQs

What is a Nearest Neighbor Attack?

A Nearest Neighbor Attack exploits nearby networks to access a target’s Wi-Fi.

How did APT28 bypass multi-factor authentication?

The attackers bypassed MFA by accessing the target via Wi-Fi, which lacked it.

What are dual-home devices, and why are they risky?

Dual-home devices connect wired and wireless networks, creating potential vulnerabilities.

How can organizations defend against Nearest Neighbor Attacks?

Implementing Wi-Fi segmentation, MFA, and regular audits can significantly mitigate risks.

Why is Wi-Fi security critical for organizations?

Weak Wi-Fi security can enable hackers to exploit networks from remote locations.

