Russian state-sponsored hackers behind IoT cyberattacks, Microsoft says
Russian state-sponsored hackers are allegedly cracking into internet of things (IoT) devices, according to Microsoft.
Security experts from Microsoft's Threat Intelligence Center said that in April they discovered "infrastructure of a known adversary communicating to several external devices", which basically translates to hacking activity across a trio of IoT devices: a VOIP phone, an office printer, and a video decoder, The Inquirer reports.
"The investigation uncovered that an actor had used these devices to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer's passwords and in the third instance the latest security update had not been applied to the device," the researchers said.
And such tempting targets are clearly appealing to Russian hackers, according to Microsoft. The firm's security center found that the IoT attacks it spotted all fed back to a server belonging to the STRONTIUM state-sponsored hacking group, also known as Fancy Bear.
Because Microsoft noticed the IoT hacking at its early stages, it wasn't able to figure out why the hackers were trying to crack into the network. But it did note the attacks seemed aimed at specific sectors, which would indicate that such attacks are deliberately targeted and have specific cyber objectives.
"Over the last twelve months, Microsoft has delivered nearly 1,400 nation-state notifications to those who have been targeted or compromised by STRONTIUM," the researchers said.
"One in five notifications of STRONTIUM activity were tied to attacks against non-governmental organizations, think tanks, or politically affiliated organizations around the world. The remaining 80% of STRONTIUM attacks have largely targeted organizations in the following sectors: government, IT, military, defense, medicine, education, and engineering."
Microsoft touted various ways organizations might defend themselves against IoT hacks, such as using a separate network for the devices and developing a custom security policy for each IoT gizmo.