Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday.
“These devices became points of ingress from which the actor established a presence on the network and continued searching for further access,” officials with the Microsoft Threat Intelligence Center wrote in a post. “Once the actor had efficiently established access to the network, a simple network scan to search for other insecure gadgets allowed them to find and transfer across the network in search of higher-privileged accounts that will grant access to higher-worth data.”
Microsoft researchers discovered the attacks in April, when a voice-over-IP phone, an office printer, and a video decoder in a number of customer locations were communicating with servers belonging to “Strontium,” a Russian government hacking group better known as Fancy Bear or APT28. In two cases, the passwords for the devices were the easily guessable default ones they shipped with. In the third instance, the device was running an old firmware version with a known vulnerability. While Microsoft officials concluded that Strontium was behind the attacks, they said they weren’t able to determine what the group’s ultimate objectives were.
Last year, the FBI concluded the hacking group was behind the infection of more than 500,000 consumer-grade routers in 54 countries. Dubbed VPNFilter, the malware was a Swiss Army hacking knife of sorts. Advanced capabilities included the ability to monitor, log, or modify traffic passing between network endpoints and websites or industrial control systems using the Modbus serial communications protocol. The FBI, with help from Cisco’s Talos security group, ultimately neutralized VPNFilter.