Fresh Scoop Today

Elite Russian Hackers Use Neighbor's Wi-Fi for Spy Game Masterpiece

By Jose Enrico

While thousands of miles away, Russian hackers used a "nearest neighbor attack."

A highly sophisticated hacking incident, disclosed last year at the 2024 Cyberwarcon conference in Arlington, Virginia, ranks among the boldest attacks by state-sponsored cyber attackers.

In a 2022 breach orchestrated by hackers linked to Russia's GRU, a highly advanced daisy-chain attack exploited neighboring Wi-Fi networks to break into the systems of a high-value target.

According to Bleeping Computer, the hackers, allegedly the group tracked as GruesomeLarch, have ties to the infamous Fancy Bear and launched their attack after traditional methods failed. Their operation started with credential stuffing against a web service platform used by the victim's employees. Although they managed to compromise several passwords, their progress was halted by two-factor authentication (2FA).

The determined attackers then targeted Wi-Fi-enabled devices in adjacent buildings, compromising those devices to gain access to the target's network.

In a notable oversight, the accounts were protected by 2FA on the web services but not on the Wi-Fi network, exposing an important security gap.

They gained control of the neighboring devices by exploiting an unpatched zero-day vulnerability in the Microsoft Windows Print Spooler. This vulnerability, reported in early 2022, gave them a way in. Once inside one of the neighboring networks, they applied the same strategy to a second adjacent network, and from there reached the target's primary Wi-Fi network.

"This is a fascinating attack where a foreign adversary essentially conducted a close access operation while being physically quite far away," Steven Adair, a researcher and the president of Volexity, wrote in an email.

Adair added that the hackers were able to carry out the attack and found a technique to infiltrate the Wi-Fi without being caught.

It should be noted that this incident shows how a single security oversight -- the absence of 2FA on the Wi-Fi network -- can undo an otherwise strong defense.

Ars Technica reports that organizations often assume proximity-based attacks are unlikely and that strict security need not be enforced on internal networks. GruesomeLarch exploited that gap and outmaneuvered defenses using advanced persistence techniques.

GruesomeLarch belongs to the larger set of Advanced Persistent Threat (APT) groups, such as APT28 and Fancy Bear, that are alleged to be linked with the GRU. These groups concentrate on finding and exploiting vulnerabilities and remain a persistent menace to the global cybersecurity landscape.

With so much happening on the internet, every organization needs to take care of its Wi-Fi. Tighter security when managing these networks is needed to reduce security threats.
