Hackers from Russia breached an American company using Wi-Fi

The attack is attributed to the APT28 group

The hacker group APT28, referred to as "Russian hackers," conducted a "close neighbor attack" on the American firm Volexity using Wi-Fi networks. The incident occurred in February 2022, but it only recently became known to journalists. Here's what happened.

Volexity noticed suspicious activity in one of the organizations in Washington. This firm was working on projects related to Ukraine. The hackers compromised a neighboring organization whose Wi-Fi was accessible in the Volexity company's area. Using devices located within Volexity, the hackers connected to the organization's network.

They exploited the Windows Print Spooler vulnerability CVE-2022-38028, elevated their privileges, and extracted confidential data, including registry branches, which they then compressed into ZIP files. To avoid detection, the hackers primarily used standard Windows tools.
