Wi-Fi phishing attacks discovered around Atlanta City Hall

As Atlanta continues to fully recover from March’s ransomware attack, new evidence discovered today by Coronet reveals hundreds of active Wi-Fi phishing attacks currently ongoing both inside of and in close proximity to Atlanta City Hall.

The research also found attacks currently underway in Georgia’s State Capitol Building, which is just a few blocks away. In total, Coronet identified 678 active threats within a 5-mile radius of Atlanta’s City Hall.

The threats

Specifically, Coronet has validated that an undetermined number of attackers are currently deploying advanced phishing techniques, including but not limited to Evil Twins, Captive Portals and ARP poisoning, in what is likely their attempt to gain unauthorized access to user credentials to cloud services that the government relies on for daily business operations and continuity.

The discovery

The threats were first discovered when an attacker attempted to phish several devices installed with Coronet’s SecureCloud platform. Researchers were able to identify the attack on those specific devices, and block any potential exposure to both the user and all of the cloud applications being used.

“While there is a lot we don’t know about the ongoing threats inside of Atlanta City Hall, we can say with complete confidence that the building – and all of the networks, devices and systems within – are at severe risk of another damaging cyberattack. We would urge those responsible for the City’s digital security to reassess its security posture before another event takes place, which someone, somewhere is clearly trying to pursue,” said Said Dror Liwer, CISO at Coronet.