
Image credit: metamorworks via Getty Images

Microsoft: Russian hackers are using IoT devices to infiltrate networks

The company has issued 1,400 nation-state notifications to the hackers' targets.

A state-sponsored Russian hacking group has been taking advantage of Internet of Things devices' poor security measures to infiltrate corporate networks, according to Microsoft. The company has revealed that researchers from Microsoft's Threat Intelligence Center have discovered hacking attempts on companies using popular IoT devices, namely VOIP phones, office printers and video decoders. In a couple of cases, the bad actors didn't even have to crack passwords: the devices used their manufacturers' default ones.

Microsoft has attributed the attacks to a group called Strontium, otherwise known as Fancy Bear and APT28. If you'll recall, Fancy Bear is believed to be a group of state-sponsored Russian hackers involved in the 2016 DNC hack, various infiltration attempts on US officials and attempts to disrupt the EU elections earlier this year. Microsoft was able to identify the attacks in their early stages, though, so the group's objectives remain unclear. What's clear is that the IoT devices became points of entry for the infiltrators, allowing them to look for a way to dig deeper into the network.

The company explained:

"After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server."

Microsoft said it has already delivered "1,400 nation-state notifications" to those who've been targeted by Strontium. Most of them were attacks targeting government, IT, military, defense, medicine, education and engineering sectors. One in five, however, targeted non-government organizations, think tanks and politically affiliated groups around the world.

The tech giant is now encouraging organizations to protect their networks by securing their IoT devices. It's also worth noting that Microsoft supports the FIDO Alliance's goal to establish a password-less security standard for the IoT industry.
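The traffic analysis Microsoft describes can be turned into a simple check for defenders. The following is an added example, not code from Microsoft or Engadget: it scans flow records for inventoried IoT devices that talk to external hosts outside an allowlist or reach internal hosts on administrative ports. The addresses, allowlist, port set, flow format and function names are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed inventory using the device classes named in the article.
IOT_DEVICES = {"10.20.0.11": "voip-phone", "10.20.0.12": "office-printer",
               "10.20.0.13": "video-decoder"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: the only external range these devices legitimately need.
ALLOWED_EXTERNAL = [ipaddress.ip_network("198.51.100.0/28")]
# Assumption: ports an embedded device has no reason to open toward peers.
ADMIN_PORTS = {22, 135, 445, 3389, 5985}

# Constructed flow records, one per line: src dst dst_port bytes
SAMPLE_FLOWS = """\
10.20.0.11 198.51.100.5 5061 48211
10.20.0.12 10.20.0.1 53 312
10.20.0.13 203.0.113.77 443 9120
10.20.0.13 203.0.113.77 443 8876
10.20.0.12 10.30.4.9 445 15002
10.20.0.50 203.0.113.77 443 100
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def find_suspicious_flows(flow_text):
    """Return sorted (class, src, dst, port, reason, total_bytes) findings."""
    totals = {}
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] not in IOT_DEVICES:
            continue  # malformed record or not an inventoried IoT device
        src, dst, port, nbytes = parts
        try:
            dst_ip, port, nbytes = ipaddress.ip_address(dst), int(port), int(nbytes)
        except ValueError:
            continue  # unparsable address or number
        if _in_any(dst_ip, INTERNAL):
            reason = "internal-admin-port" if port in ADMIN_PORTS else None
        else:
            reason = None if _in_any(dst_ip, ALLOWED_EXTERNAL) else "unlisted-external"
        if reason:
            key = (src, dst, port, reason)
            totals[key] = totals.get(key, 0) + nbytes
    return [(IOT_DEVICES[k[0]], *k, v) for k, v in sorted(totals.items())]

if __name__ == "__main__":
    for finding in find_suspicious_flows(SAMPLE_FLOWS):
        print(finding)
```

On the sample data this flags the printer's SMB connection to another internal host and the video decoder's repeated sessions to an unlisted external address, while the phone's allowlisted traffic and the printer's DNS lookup pass.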
