Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild

Once limited to abstract academic conversation among cybersecurity enthusiasts, drones loaded with cyber-spying equipment are now being used in the real world to breach networks and steal information.

Cybersecurity researcher Greg Linares shared a Twitter thread on Oct. 10 providing an overview of a drone-based cyberattack he was privy to over the summer.

He explained it started when an unnamed financial company picked up unusual traffic on its network. A trace of the Wi-Fi signal behind the network activity led the threat hunters to the roof, where two drones were found. One was a modified DJI Phantom carrying what Linares called a “modified Wifi Pineapple device”; the other was a likewise modified DJI Matrice 600 drone loaded with “a Raspberry Pi, batteries, a GPD mini laptop, a 4G modem and another Wi-Fi device,” he added.

The cyberattack was partially successful, allowing attackers to target the internal Atlassian Confluence page to get access to credentials and other devices, Linares said. However, the threat hunters found one of the drones damaged, but still functioning.

“The attack was a limited success, and it appears that once the attackers were discovered, they accidentally crashed the drone on recovery,” Linares tweeted.

He explained this sort of drone exploit delivery attack probably cost no more than $15,000 to put together.

“Attackers are spending this range of budget in order to target your internal devices and are ok with burning it,” he cautioned. “This is the third real-world drone based attack I have encountered in two years.”

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.


Related News

CyberSecure Announces Strategic Alliance

CyberSecure Announces Strategic Alliance

BETHESDA, Md., March 24, 2023 /PRNewswire/ — Cybersecure IPS and LockDown Inc. jointly announce that they have entered a strategic alliance to…
Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Researchers from France-based pen-testing firm Synacktiv demonstrated two separate exploits against the Tesla Model 3 this week at the Pwn2Own…
GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

GitHub, a Microsoft subsidiary has replaced its SSH keys after someone inadvertently published its private RSA SSH host key part of…