Incident Of The Week: Dutch Investigators Thwart Russian Cyber-Attack

In the dynamic world of cyber security, breaches are both tightly guarded and, sadly, imminent.

Combing through data, market research and threat-defense efforts taken by enterprises can be a daunting task. Here at Cyber Security Hub, we both track the latest industry news and make it more navigable for the IT professional. Cyber Security Hub coverage extends outwards – as it helps enterprises batten down their proverbial hatches.

In this edition of “Incident of the Week,” we examine an alleged nation-state hack that was foiled by Dutch investigators – resulting in a big “victory” for cyber defenders.

Supposed Russian agents connected to a GRU intelligence cyber warfare team (Unit 26165/APT 28) were named in a plot to hack the Organization for the Prevention of Chemical Weapons (OPCW), a prominent watchdog group, in The Hague in April 2018.

Four Russians were identified by Dutch officials, and news of the attempted cyber-attack is coming to light. The cyber unit attached to the attempted plot has allegedly carried out operations around the world, according to the BBC.

See Related: Incident Of The Week: Port Of San Diego Suffers Cyber-Attack

The OPCW is the one of the world’s largest watchdog groups, and in June absorbed additional power that drew the ire of Russia. It is being reported that the cyber agents were going to carry out a closed-access hack against the OPCW’s WiFi network.

In the rear of a car connected to the agents, officials recovered specialist equipment, including an antenna hidden beneath a jacket aimed at the organization’s building. The antenna would intercept login details, according to the Dutch intelligence service.

The BBC said the aim was to compromise and disrupt computers in the building. The hackers then reportedly planned to flee to Switzerland just days later (and even had the train tickets to do so). However, they were detained by before they could carry out the plan.

As the BBC notes, a “drive-by” attack targets WiFi networks and could allow for lateral movement once the network is compromised. Some hotspots can “harbor hardware weaknesses that can be exploited to grab traffic,” the same report notes.

See Related: Incident Of The Week: U.S. State Department Experiences Data Breach

It has been documented that hotspot makers can generate passwords that are simple to infiltrate. Industry research also points out “fundamental weaknesses” in creating hardened passwords, the BBC writes.

Faux-WiFi networks can also be created to lure legitimate users – at which point the culpable threat actor has numerous options to inflict his or her damage.

Luckily for OPCW investigations and officials close to them, the threat actors were closely monitored and detained on April 13.

Instead of jail time, however, the men were expelled back to Moscow – likely due to the 1961 Vienna Convention which provides immunity to diplomats.

The paper trail is equally long behind this cyber unit, as they had reportedly scouted the OPCW area, and a Russian laptop was found to be in key areas around the globe where investigators have been piecing together Russian involvement in controversial geopolitical events.

It is clear that the threat to the enterprise is profound, but nation-state efforts can cripple infrastructures and they keep public-sector security professionals on constant guard. These principles also carry over to big business and the private sector, as controversial hacking groups can also target large financial institutions, critical infrastructure, healthcare administrators, oil and gas companies, etc.

Stay tuned to the Cyber Security Hub for continued “Incident of the Week” coverage!

Be Sure To Check Out: Incident Of The Week: British Airways Breach Leaks 380K Transactions