In a report released early this week, Microsoft says Russian state-sponsored hackers are using vulnerable IoT devices to enter corporate networks.
According to Microsoft, a Russian hacker group under the name Strontium (which previously went by the name APT28 or Fancy Bear) is behind an attack that took place in April.
The same group has, by the way, taken responsibility for hacking the Democratic National Committee, the main committee of the US Democratic Party, back in 2016, for the NotPetya attack against Ukraine in 2017, and for targeted attacks on political groups in Europe and North America throughout 2018.
But now it is corporate networks in both the US and Europe that they are after. Back in April, researchers at the Microsoft Threat Intelligence Center found that the hacker group now goes for connected devices, the ones we also know as IoT devices, of which many companies have a lot in the office.
The devices are used as a springboard to advance into the network. Once the hackers were inside, a simple scan could give them access to other unsecured devices on the network, letting them move further into the company's IT infrastructure.
In this way, the hackers look for accounts that give them access to valuable data, and they will probably find them.
Microsoft states that it stopped the attack early, but there are still plenty of unsafe devices in companies. Unfortunately, they are still not patched, which also means that the hackers still have access to the corporate network.
Microsoft has not released the names of the devices in which it found vulnerabilities, but it does state that it has informed the manufacturers so that they can patch their devices.
You can read more on Microsoft’s blog, MSRC.