Russian spies may have moved in next door to target your network

Not to make you paranoid, but that business across the street could, under certain conditions, serve as a launching point for Russian cyber spies to compromise your network. Using what it described as "a novel attack vector … not previously encountered," threat intel and memory forensics firm Volexity reported it's spotted …

  1. Yet Another Anonymous coward Silver badge

    "Enterprise" edition that cost $550 for six months of "unlimited VIP support."

    Sounds like a bargain compared to certain vendors - how do I sign up?

  2. Anonymous Coward

    Novel?

    Who hasn't packed a laptop and directional antenna into a car and gone on a quest to see how far away from your office you could be and still be able to connect to your own network?

    1. Blazde Silver badge

      Re: Novel?

      The GRU (alleged) attack on the Organisation for the Prohibition of Chemical Weapons comes to mind. If your attackers are sufficiently motivated they'll just come to your wifi network in person. With ransoms and espionage as it is I think that's already a meaningful attack vector to consider for many organisations.

      Outsourcing that physical presence to someone else - consensually or not - is a natural next step, not very complicated, and will in fact often be easier, but it's still not completely obvious until you've started thinking about it.

      Bluetooth, even NFC, too of course. If you're in a multi-tenant office building the attacker could be on the other side of a partition wall. A problem that's surely only going to get worse.

    2. Jellied Eel Silver badge

      Re: Novel?

      Who hasn't packed a laptop and directional antenna into a car and gone on a quest to see how far away from your office

      Ah, you said your office, but-

      "Volexity's investigation reveals the lengths a creative, resourceful, and motivated threat actor is willing to go to in order to achieve their cyber espionage objectives,"

      Indeed. So AlphaGoo got in a little trouble when they packed that kit into their cars, then roamed around generating maps of WiFi networks. Now, they've gone one better and these creative, resourceful and motivated threat actors have shrunk their WiFi sniffing capability so people willingly carry them around in their pockets, on their wrists etc. Plus of course TIA.. I mean AlphaGoo etc also map businesses, device IDs, OSs, firewalls etc that are in use, and have communications devices already inside target networks.

      But we can trust our tech companies.. can't we? I guess there's some reason why security conscious companies ban wireless devices inside their premises, which may or may not include the land around them.

  3. Khaptain Silver badge

    A lot of Russian activity ?

    We seem to be seeing more and more, alleged, Russian activity in the last few years..

    Is this actually verifiable or just propaganda? Please cite sources. It's an honest question, I would actually like to know how much of this is real.

    If it is real, should I also presume that we are doing the same elsewhere?

    1. Irongut Silver badge

      Re: A lot of Russian activity ?

      Cite sources? How about: "threat intel and memory forensics firm Volexity"

      As written in the article.

      1. amanfromMars 1 Silver badge

        MRDA ....

        Cite sources? How about: "threat intel and memory forensics firm Volexity" .... Irongut

        They would say that, wouldn’t they, Irongut ..... for they have threats to sell and FUD to create.

      2. Jellied Eel Silver badge

        Re: A lot of Russian activity ?

        How about: "threat intel and memory forensics firm Volexity"

        Never heard of them. What do they sell? Weasels?

        ...it's spotted what it believes to be the APT28 Kremlin-backed threat actor targeting one of its clients

        The idea of using an insecure network to jump across to a secure network is older than Alice & Bob's grandparents, and almost certainly pre-dates 'threat intel' businesses trying to flog you $9,999 a month services that state the bleedin' obvious.

    2. Anonymous Coward

      Re: A lot of Russian activity ?

      I monitor our FI firewalls and have the team block malicious IPs nearly every single day.

      95% of the attacks (non-stop) are Russian gang Stark Industries. They buy up IPs and ranges by the millions. They mess with who is tables to mislead what country the IPs are in to mess with GEO blocking, but have IPs in likely every country. They have a couple other companies too, but Stark Industries is their biggest brand. Govs should be blackholing their IPs - if they really cared, that is.

      1. Jellied Eel Silver badge

        Re: A lot of Russian activity ?

        They mess with who is tables to mislead

        The word you're looking for is "whois", so I doubt "they" are having to work very hard to mislead. I don't suppose you have any ermm.. evidence for this evil entity buying up millions of IPs?

          1. Anonymous Coward

          Re: A lot of Russian activity ?

          why yes, yes we do: https://krebsonsecurity.com/2024/05/stark-industries-solutions-an-iron-hammer-in-the-cloud/

          and in the time you took to read this you could have found plenty of data on it yourself.

          1. Jellied Eel Silver badge

            Re: A lot of Russian activity ?

            why yes, yes we do

            Why no, no you don't...

            They buy up IPs and ranges by the millions

            Which isn't supported by the article cited. It mentioned a few /20s, which are 4,096 IP addresses. And it's also not unusual and why the Spamhaus project was invented in the first place. But it might also have overlooked the biggest threat to their business-

            https://en.wikipedia.org/wiki/Stark_Industries

            Given the MCU is owned by the Mouse, and the Mouse is notoriously litigious, that might end up being a solution to this particular problem, and Disney ends up seizing any of the IP ranges claimed by Stark. But it's also nothing new, and pretty much a repeat of this problem child-

            https://en.wikipedia.org/wiki/Sanford_Wallace

            where El Reg gets an honorable mention, and again why Spamhaus sprang into being. Plus that had an ISP whose name escapes me providing Spamford with hosting, and claimed 'free speech' and was almost de-peered by a lot of ISPs.

  4. Khaptain Silver badge

    Rather than hit the thumbs down button like children why not just hit the reply button, provide something interesting to read and educate us all a little.

    1. m4r35n357 Silver badge

        Ah OK I get it now - you could have said that in the same thread as your actual question!

        (I'm not one of the downvoters BTW)

        1. Khaptain Silver badge

          Mea culpa, I did not realise that I was no longer in the thread..

    2. Irongut Silver badge

      How about you learn to read the article. You know like chlildren do.

      1. Khaptain Silver badge

        How about if you have nothing to add that you just say nothing.

        And what is a "chlildren" ?

        1. Anonymous Coward

          дети (children) where you come from.

          Not that you take any notice even when it is in big letters next to a theatre.

  5. martinusher Silver badge

    WiFi has quite good security -- if you care to use it

    Wireless networks in corporate environments are supposed to be protected using 802.1x. This access protocol authenticates users before allowing them on the network. Users employ the same credentials -- traditionally username/password, but it could be anything -- to log onto the network, and if they're permitted, the provision of keys for wireless encryption is automatic. Access points capable of managing this security often have a way of steering unauthorized users -- visitors -- to a DMZ outside the corporate network proper.

    This mechanism isn't novel, it's been in Windows since Windows 2000 for example, but for some reason people just don't seem to understand how to deploy it. I worked at one place, for example, where they were still using MAC address authentication in the 2010s.
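    The contrast martinusher draws, shown as an added example (not the commenter's or The Register's): two wpa_supplicant network blocks, a shared-passphrase SSID beside an 802.1X/EAP-TLS one. SSIDs, file paths and the example.internal domain are placeholders; steering unauthenticated or visitor devices to a separate VLAN is configured on the RADIUS server and access point, not in the client block.

```conf
# Added example: wpa_supplicant network blocks contrasting a legacy
# pre-shared-key SSID with an 802.1X (EAP-TLS) one. SSIDs, paths and
# the domain are constructed placeholders, not values from the thread.

# Weak: one passphrase shared by everyone. Whoever learns it (a
# contractor, a departed employee, a neighbour who shoulder-surfed it)
# joins the LAN; nothing ties the key to a person or a device, and
# revoking it means re-keying every client at once.
network={
    ssid="corp-legacy"
    key_mgmt=WPA-PSK
    psk="shared-office-passphrase"
}

# Hardened: 802.1X with EAP-TLS. The access point bridges no traffic
# onto the LAN until the RADIUS server has validated this device's
# certificate, and per-session encryption keys are derived from that
# exchange. A lost laptop is handled by revoking one certificate.
network={
    ssid="corp-secure"
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP
    # Require 802.11w management-frame protection (blocks forged deauth).
    ieee80211w=2
    eap=TLS
    identity="host/laptop-0042.example.internal"
    # Client certificate and key issued by the organisation's CA.
    client_cert="/etc/wpa_supplicant/laptop-0042.crt"
    private_key="/etc/wpa_supplicant/laptop-0042.key"
    # Pin the CA and the RADIUS server name so the supplicant will not
    # complete EAP against a rogue AP broadcasting the same SSID.
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.example.internal"
}
```

    Without `ca_cert` and `domain_suffix_match` the client will happily authenticate to any access point that advertises the SSID, which is the mistake that turns "we use 802.1x" into a credential-harvesting opportunity for the attacker parked across the street.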

  6. Anonymous Coward

    Microsoft has seized ?

    >Microsoft last week reported that it seized 240 fraudulent websites linked to a Phishing-as-a-Service operation based in Egypt

    Since when was MS a law / cyber enforcement agency?

    Something smells here.

    1. diodesign (Written by Reg staff) Silver badge

      Re: Microsoft has seized ?

      Yeah, on the basis that a trademark was infringed by the fake sites. It's kinda tenuous as it seems to be a Linux Foundation mark that's affected, and MSFT helps bankroll the foundation. Thus Microsoft gets to be involved.

      But at least some bad sites got closed down. MS routinely does this, using trademark law to take over fraudulent sites with a court order.

      C.
