Close access and spearphishing: Cyber attack methods used by Russian agents

Russian intelligence officers have been accused of launching cyber attacks on the global chemical weapons watchdog investigating the Salisbury nerve agent attack.

Two methods used were named as close access and spearphishing.

Close access involves hackers attempting to breach a network by getting physically close to it.

In this case, officials said four GRU officers tried to hack into OPCW systems through its WiFi network by parking a car close to the organisation’s headquarters.

They were said to be in range of its WiFi signal and looking for unsecured devices on the network they could compromise to gain access.

(Dutch Ministry of Defence)
A car carrying hacking equipment used by GRU officers parked near the headquarters of the OPCW in The Hague (Dutch Ministry of Defence/PA)

Close access attacks can also be used when intruders wish to appear as insiders when accessing a network, using compromised credentials but without raising suspicion.

Cybersecurity expert Myles Bray from ForeScout said: “Large organisations typically have thousands of devices connected to their networks and the bad actors just need one unsecured device and they have found their window in.

“Because remote attacks can be traced back to their source, part of the appeal of access via a company’s WiFi is that it can help disguise who is behind the breach.”

The second tactic, spearphishing, is a more focused version of the common phishing attacks deployed by hackers, in which blanket malicious emails are sent to people asking for sensitive information such as bank details or encouraging them to visit a fake website which then downloads malware to their computer.

Whereas phishing attacks tend to be broad in scale with emails sent to individuals indiscriminately, a spearphishing attack is targeted at specific individuals or an organisation to gain access to a network.

Once inside, malware can used by hackers to block access to files in exchange for a ransom, as well as steal personal information or data and wipe information from a system.

Read Full Story Click here to comment