While stalking its target, GruesomeLarch performed credential-stuffing attacks that compromised the passwords of several accounts on a web service platform used by the organization’s employees. Two-factor authentication enforced on the platform, however, prevented the attackers from compromising the accounts.
So GruesomeLarch found devices in physically adjacent locations, compromised them, and used them to probe the target’s Wi-Fi network. It turned out credentials for the compromised web services accounts also worked for accounts on the Wi-Fi network, only no 2FA was required.
Adding further flourish, the attackers hacked one of the neighboring Wi-Fi-enabled devices by exploiting what in early 2022 was a zero-day vulnerability in the Microsoft Windows Print Spooler.
→ Continue reading at Ars Technica