Image credit: metamorworks via Getty Images

Microsoft: Russian hackers are using IoT devices to infiltrate networks

The company has issued 1,400 nation-state notifications to the hackers' targets.

A state-sponsored Russian hacking group has been taking advantage of Internet of Things devices' poor security measures to infiltrate corporate networks, according to Microsoft. The company has revealed that researchers from Microsoft's Threat Intelligence Center have discovered hacking attempts on companies using popular IoT devices, namely VOIP phones, office printers and video decoders. In a couple of cases, the bad actors didn't even have to crack passwords: the devices used their manufacturers' default ones.

Microsoft has attributed the attacks to a group called Strontium, otherwise known as Fancy Bear and APT28. If you'll recall, Fancy Bear is believed to be a group of state-sponsored Russian hackers involved in the 2016 DNC hack, various infiltration attempts on US officials and attempts to disrupt the EU elections earlier this year. Microsoft was able to identify the attacks in their early stages, though, so the group's objectives remain unclear. What's clear is that the IoT devices became points of entry for the infiltrators, allowing them to look for a way to dig deeper into the network.

The company explained:

"After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server."

Microsoft said it has already delivered "1,400 nation-state notifications" to those who've been targeted by Strontium. Most of them were attacks targeting government, IT, military, defense, medicine, education and engineering sectors. One in five, however, targeted non-government organizations, think tanks and politically affiliated groups around the world.

The tech giant is now encouraging organizations to protect their networks by securing their IoT devices. It's also worth noting that Microsoft supports the FIDO Alliance's goal to establish a password-less security standard for the IoT industry.
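
The two network-visible behaviours in Microsoft's description, IoT devices talking to an external server and an actor moving from one device to another, can be watched for in flow logs. The sketch below is an added example, not code from Microsoft or the original article; the device inventory, addresses, flow-record format and fan-out threshold are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site's internal address space (RFC 1918 ranges).
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed inventory: IoT device IP -> (device class, allowed external peers).
INVENTORY = {
    "10.20.0.11": ("voip-phone", {"198.51.100.10"}),  # hypothetical SIP provider
    "10.20.0.12": ("printer", set()),
    "10.20.0.13": ("video-decoder", set()),
}

# Constructed flow records: "timestamp src dst dst_port bytes".
SAMPLE_FLOWS = """\
2019-08-05T10:00:01 10.20.0.11 198.51.100.10 5061 4200
2019-08-05T10:00:07 10.20.0.12 10.20.0.50 9100 900
2019-08-05T10:01:15 10.20.0.12 203.0.113.77 443 18000
2019-08-05T10:02:30 10.20.0.13 10.20.0.11 22 300
2019-08-05T10:02:31 10.20.0.13 10.20.0.12 22 300
2019-08-05T10:02:33 10.20.0.13 10.30.0.5 445 300
2019-08-05T10:02:40 10.20.0.13 10.30.0.6 445 300
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def analyze(flow_text, fanout_limit=3):
    """Return sorted (device_ip, finding) alerts for inventoried IoT devices."""
    alerts, peers = set(), defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] not in INVENTORY:
            continue  # malformed record, or source is not a tracked IoT device
        _, src, dst, port, _ = parts
        kind, allowed = INVENTORY[src]
        if not is_internal(dst):
            if dst not in allowed:  # egress outside the device's allowlist
                alerts.add((src, f"{kind} unexpected external egress {dst}:{port}"))
        else:
            peers[src].add(dst)  # track distinct internal peers per device
    for src, seen in peers.items():
        if len(seen) > fanout_limit:  # a phone or printer rarely needs many peers
            alerts.add((src, f"{INVENTORY[src][0]} contacted {len(seen)} internal hosts"))
    return sorted(alerts)

if __name__ == "__main__":
    for device, finding in analyze(SAMPLE_FLOWS):
        print(device, finding)
```
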
