Hacker groups connected to Russian intelligence agencies are breaking into corporate networks through IoT devices such as mobile phones and printers connected to the Internet, Microsoft announced in a blog post on August 5.
The group is known as "Strontium", "Fancy Bear", and "APT28". It is said to be connected to the Main Intelligence Directorate of the General Staff of the Russian Armed Forces (GRU), the Russian military's intelligence organization.
The group has been active since at least 2007 and has been confirmed to be involved in many notorious hacking operations. In 2016, it breached the US Democratic National Committee. In 2017, it attacked Ukraine using "NotPetya", which destroys all important data, and in 2018, it targeted political organizations in Europe and North America throughout the year.
In the newly announced activity, the group broke into corporate networks through popular IoT devices such as IP phones, Internet-connected printers, and video decoders. Microsoft has deep visibility into corporate networks around the world because many companies use Windows. Microsoft's Threat Intelligence Center discovered the new Fancy Bear activity in April 2019.
When considering security, smartphones and desktop PCs are prioritized in many cases. However, it is devices such as printers, web cameras, and decoders that give hackers a way in.
In multiple cases, Microsoft confirmed that Fancy Bear had broken into a targeted network because the IoT device's password had been left at the factory default. In another case, the device was compromised because the latest security update had not been applied. The hackers used these devices to establish a foothold and search for further intrusion routes.
In the blog post published on the 5th, Microsoft warned: "Once a hacker succeeds in establishing access to the network, it will search for a privileged account that can obtain more valuable data by a simple network scan that finds other non-secure devices, and move through the network."
The hackers moved from one device to another, continuing to compromise systems and map out the network configuration. Throughout, they stayed connected to command-and-control servers.
For the past year, Microsoft has closely monitored Fancy Bear.
Of the 1400 reports Microsoft sent to those targeted or actually compromised by Fancy Bear, 20% went to non-governmental organizations, think tanks, and political organizations around the world. The remaining 80% went to government agencies and various companies in technology, military, medicine, education, and engineering.
"We have observed and reported the 'Strontium' attack on the Olympic Organization Committee, anti-doping institutions, and hospitality industries," Microsoft warned on its blog.
Last year, the US Federal Bureau of Investigation (FBI) dealt a crippling blow to the VPNFilter malware. VPNFilter is malware that targets routers and network storage devices and has the catastrophic ability to erase firmware and render equipment unusable. The attack was aimed mainly at Ukraine, a favorite target of Fancy Bear.
[Read this article in MIT Technology Review]