The Register corresponded with an individual affiliated with the affected company who corroborated Linares's account and asked not to be identified owing to a non-disclosure agreement and employment concerns.

In a Twitter thread, Linares said the hacking incident was discovered when the financial firm spotted unusual activity on its internal Atlassian Confluence page that originated from within the company's network. The company's security team responded and found that the user whose MAC address was used to gain partial access to the company Wi-Fi network was also logged in at home several miles away. That is to say, the user was active off-site but someone within Wi-Fi range of the building was trying to wirelessly use that user's MAC address, which is a red flag. The team then took steps to trace the Wi-Fi signal and used a Fluke system to identify the Wi-Fi device.

"This led the team to the roof, where a 'modified DJI Matrice 600' and a 'modified DJI Phantom' series were discovered," Linares explained. The Phantom drone was in fine condition and had a modified Wi-Fi Pineapple device, used for network penetration testing, according to Linares. The Matrice drone was carrying a case that contained a Raspberry Pi, several batteries, a GPD mini laptop, a 4G modem, and another Wi-Fi device. It had landed near the building's heating and ventilation system and appeared to be damaged but still operable.

"During their investigation, they determined that the DJI Phantom drone had originally been used a few days prior to intercept a worker's credentials and Wi-Fi," Linares said. "This data was later hard coded into the tools that were deployed with the Matrice."

According to Linares, the tools on the drones were used to target the company's internal Confluence page in order to reach other internal devices using the credentials stored there. The attackers specifically targeted a limited access network, used by both a third-party and internally, that was not secure due to recent changes at the company. The attack, he said, had limited success and is the third cyberattack involving a drone he's seen over the past two years.
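The red flag described above (a user active off-site while that user's MAC address appears on the building's Wi-Fi) can be checked by correlating remote-access sessions with Wi-Fi association logs. The following is an added example, not code from the article or the affected company; the log formats, device inventory, access point names and timestamps are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (assumed formats): MAC-to-owner inventory,
# remote-access (VPN) session log, and on-site Wi-Fi association log.
INVENTORY = {"3c:22:fb:10:20:30": "jdoe", "a4:83:e7:aa:bb:cc": "asmith"}
VPN_SESSIONS = """\
2022-07-12T08:55:00 jdoe connect
2022-07-12T17:10:00 jdoe disconnect
2022-07-12T12:00:00 asmith connect
2022-07-12T12:30:00 asmith disconnect
"""
WIFI_EVENTS = """\
2022-07-12T10:14:07 ap-floor2-03 assoc 3C:22:FB:10:20:30
2022-07-12T13:02:41 ap-lobby-01 assoc a4:83:e7:aa:bb:cc
2022-07-12T14:20:00 ap-lobby-01 assoc 00:11:22:33:44:55
"""

def parse_sessions(text):
    """Return {user: [(start, end), ...]}; a session with no disconnect stays open."""
    sessions, open_at = {}, {}
    for line in text.splitlines():
        ts, user, action = line.split()
        when = datetime.fromisoformat(ts)
        if action == "connect":
            open_at[user] = when
        elif action == "disconnect" and user in open_at:
            sessions.setdefault(user, []).append((open_at.pop(user), when))
    for user, start in open_at.items():  # still connected: treat as open-ended
        sessions.setdefault(user, []).append((start, datetime.max))
    return sessions

def find_conflicts(wifi_text, sessions, inventory):
    """Flag on-site associations by a MAC whose registered owner is remote at that time."""
    alerts = []
    for line in wifi_text.splitlines():
        ts, ap, _event, mac = line.split()
        when = datetime.fromisoformat(ts)
        owner = inventory.get(mac.lower())  # normalise case before lookup
        if owner is None:
            continue  # unregistered MACs are a separate access-control question
        if any(start <= when <= end for start, end in sessions.get(owner, [])):
            alerts.append((owner, mac.lower(), ap, ts))
    return alerts

if __name__ == "__main__":
    for alert in find_conflicts(WIFI_EVENTS, parse_sessions(VPN_SESSIONS), INVENTORY):
        print("owner is remote but MAC associated on site:", alert)
```

An alert here only says the same identity appears in two places at once; locating the transmitting device is a separate physical step.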