Fancy Bear, a threat actor associated with Russian intelligence agencies, is using proximity-based attacks, dubbed Nearest Neighbor attacks, to compromise the networks of organisations located near a primary target in order to gain unauthorised access to another entity.
These attacks were first launched in February 2022 in Ukraine, followed by attacks on public and private entities in the US. Volexity, a group that monitors APT actors, has kept Russian-linked groups under surveillance, as it views them as among the most active and dangerous groups operating today.
The success of these attacks largely depends on the security measures in place at the target organizations, with credential-stuffing attacks having a higher chance of success when the victim organizations do not employ Multi-Factor Authentication (MFA).
Fancy Bear has historically used a variety of tools and techniques to infiltrate networks and steal sensitive data. Its targets have ranged across multiple countries and sectors, and have included the Democratic National Committee, the TV5Monde media outlet and the White House.
The new wave of Nearest Neighbor attacks represents a dangerous escalation in cyber warfare tactics, adding a new layer of complexity for cybersecurity defenses that must keep pace with evolving threats.
Fancy Bear’s latest tactics demonstrate a shift in how cyber threats are carried out: the group focuses not just on the target organisation itself, but also exploits nearby networks to facilitate a chain of attacks.
As a result, it’s imperative for organizations, both large and small, to adopt comprehensive security strategies that include measures such as Multi-Factor Authentication and network segmentation to minimize the risk of falling victim to these increasingly sophisticated attacks.