In a first, Russia's APT28 hacking group appears to have remotely breached the Wi-Fi of an espionage target by hijacking a laptop in another building across the street.
TLDR: they hacked a less secure network in range of their target network, then SSHed into a laptop on the less secure network and used it to hack the target network. Possibly even daisy chained less secure networks. The point of this was to not sit in a suspicious car next to your target while you brute force their wifi password (they have been caught previously).
My question is: how do you get caught while hacking wpa2? I’m not an expert, but I assume you can get the data you need to do an offline bruteforce just by driving by and sitting at a red light a few times, which is not suspicious at all even if you have a laptop out. Or did they try to hack wpa3? If so, I assume it’s trivial to detect online bruteforce attempts and stop responding to them, or even just whitelist MAC addresses?
Maybe they detected the compromise on the secure network, and only after some forensics did they work out that it came from a compromised laptop in a neighboring building.
“If a target is important enough, they’re willing to send people in person. But you don’t have to do that if you can come up with an alternative like what we’re seeing here,” Hultquist says.
TLDR: they hacked a less secure network in range of their target network, then SSHed into a laptop on the less secure network and used it to hack the target network. Possibly even daisy chained less secure networks. The point of this was to not sit in a suspicious car next to your target while you brute force their wifi password (they have been caught previously).
My question is: how do you get caught while hacking wpa2? I’m not an expert, but I assume you can get the data you need to do an offline bruteforce just by driving by and sitting at a red light a few times, which is not suspicious at all even if you have a laptop out. Or did they try to hack wpa3? If so, I assume it’s trivial to detect online bruteforce attempts and stop responding to them, or even just whitelist MAC addresses?
Maybe they detected the compromise on the secure network, and only after some forensics did they work out that it came from a compromised laptop in a neighboring building.
“If a target is important enough, they’re willing to send people in person. But you don’t have to do that if you can come up with an alternative like what we’re seeing here,” Hultquist says.
From the article