APT28 Breaches US Firm via Wi-Fi Using Nearest Neighbor Attack Technique
Monday, November 17, 2025
Top 5 Cybersecurity Stories You Should Know
-
APT28 Breaches US Firm via Wi-Fi Using Nearest Neighbor Attack Technique — tl;dr: Russian state hackers APT28 exploited a 'nearest neighbor attack' to breach a U.S. firm by compromising a nearby organization's Wi-Fi network. The attack, discovered by Volexity, involved obtaining credentials through password-spraying and leveraging dual-home devices to connect to the target's enterprise Wi-Fi from thousands of miles away. This incident highlights the need for robust security measures for corporate Wi-Fi networks, including multi-factor authentication and regular monitoring for unauthorized access. Organizations should treat Wi-Fi access with the same security diligence as other remote access services.
↪ https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/ -
CISA Offers Free Cybersecurity Training and Exercises for Workforce Development — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) provides free online training and exercises aimed at enhancing the skills of federal employees, private-sector professionals, and the general public in cybersecurity. Their CISA Learning platform offers various courses, including incident response training and specialized programs for critical infrastructure operators. Organizations can also participate in cybersecurity exercises to improve resilience against threats. Stakeholders are encouraged to utilize these resources to strengthen their cybersecurity capabilities and prepare for potential cyber incidents.
↪ https://www.cisa.gov/cybersecurity-training-exercises -
Cybersecurity Awareness Month 2023: Building a Cyber Strong America — tl;dr: October is Cybersecurity Awareness Month, emphasizing the importance of cybersecurity for critical infrastructure in the U.S. CISA highlights the need for state, local, tribal, and territorial governments, as well as small and medium businesses, to take immediate action to enhance their cybersecurity measures. This year's theme, 'Building a Cyber Strong America,' calls for organizations to protect their systems and services against persistent cyber threats. CISA provides resources and a toolkit for organizations to develop their own cybersecurity campaigns, ensuring resilience and security for communities and customers alike.
↪ https://www.cisa.gov/cybersecurity-awareness-month -
CISA Issues Guidance to Combat Akira Ransomware Threat — tl;dr: CISA, in collaboration with the FBI and partners, has released updated guidance to help organizations defend against the Akira ransomware threat, which targets critical sectors including manufacturing, education, healthcare, and finance. The guidance includes new Indicators of Compromise (IOCs) and Tactics, Techniques, and Procedures (TTPs) to assist in detection and mitigation efforts. Organizations are urged to implement these recommendations to bolster their cybersecurity posture and protect sensitive data from potential exploitation.
↪ https://www.cisa.gov/ -
Nippon Steel Solutions Faces Data Breach from Zero-Day Attack — tl;dr: Nippon Steel Solutions, a subsidiary of Nippon Steel Corporation, has experienced a significant data breach due to a zero-day attack, exploiting an unknown vulnerability. This incident poses critical risks to European organizations in the steel manufacturing and supply chain sectors, potentially leading to the theft of sensitive data and operational disruptions. Companies with ties to Nippon Steel Solutions may face secondary threats. To mitigate risks, organizations are advised to enhance threat detection, implement advanced security measures, and collaborate with industry information sharing centers for timely intelligence on emerging vulnerabilities.
↪ https://radar.offseq.com/threat/nippon-steel-solutions-suffered-a-data-breach-foll-368a681e
Featured LufSec Resource
Cybersecurity Career Guide (Free eBook) — Actionable playbook to land your first role.
Explore →
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec
