The hackers, unable to break into their primary target's computer directly, took an indirect route: they gained access to a device in a nearby building and, through it, reached the target over a local Wi-Fi network. Volexity, a company that specializes in cybersecurity, presented a report on the incident, which occurred two years ago, at the Cyberwarcon conference.
Volexity experts attributed the attack to the Fancy Bear (GruesomeLarch) group, which, according to them, is associated with Russian intelligence services. In an attempt to break into their target's machine, the hackers launched a series of brute-force attacks and compromised the passwords of several accounts on the web service platform used by the organization's employees. But the attackers were unable to take over the accounts themselves, because two-factor authentication stopped them.
The GruesomeLarch hackers resorted to a workaround. They successfully hacked into a Wi-Fi-connected computer located in a nearby building, relatively close to the original target's computer. To do this, the cybercriminals exploited a zero-day vulnerability in the Windows print spooler that was current in 2022. Through this computer, they penetrated the local network to which the main victim's machine was connected. Reaching it this way turned out to be easier, because the Wi-Fi network accepted the same credentials as the web service, except that two-factor authentication was not required.