Drones Used in Cyberattack on Financial Firm: New Espionage Tactics Emerge
Severity: High (Score: 66.5)
Sources: www.reuters.com, Mashable, www.theregister.com, www.wsj.com, Sea.Mashable
Summary
In a recent incident, modified drones were used to infiltrate the Wi-Fi network of a US East Coast financial firm. Security researcher Greg Linares reported that unusual activity on the firm's internal Atlassian Confluence page led to the discovery of a modified DJI Matrice 600 and Phantom drones on the building's roof. The drones were equipped with a Wi-Fi Pineapple device and a Raspberry Pi, which were used to intercept employee credentials. This attack is part of a growing trend in corporate espionage involving drones, with similar incidents reported in the past two years. The financial firm confirmed the attack but did not disclose its name due to non-disclosure agreements. The incident highlights vulnerabilities in corporate networks and the evolving tactics of cybercriminals. The Federal Communications Commission (FCC) has also extended the deadline for firmware updates on banned foreign-made drones and routers until 2029, raising concerns about espionage and data exfiltration.
Key Points:
- Modified drones were used to infiltrate a financial firm's Wi-Fi network.
- The attack involved intercepting employee credentials via a Wi-Fi Pineapple device.
- The FCC extended firmware update deadlines for banned foreign drones and routers until 2029.
Key Entities
- Volt Typhoon (apt_group)
- Data Breach (attack_type)
- China (country)
- United States (country)
- CWE-200 - Exposure of Sensitive Information (cwe)
- CWE-798 - Use of Hard-coded Credentials (cwe)
- Financial (industry)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1071 - Application Layer Protocol (mitre_attack)
- Confluence (platform)
- DJI Matrice 600 (tool)
- DJI Phantom (tool)
- Fluke System (tool)
- GPD Mini Laptop (tool)
- Raspberry Pi (tool)