Russian state hackers using IoT devices to breach networks
San Francisco: Hackers belonging to Russia's elite state-sponsored hacking groups have been using printers, video decoders and other so-called Internet-of-Things (IoT) devices as a way to breach corporate networks, Microsoft officials have warned.
Researchers at the tech giant uncovered the attacks in April when a voice-over-IP phone, an office printer and a video decoder in multiple customer locations were communicating with servers belonging to STRONTIUM -- a Russian government hacking group better known as Fancy Bear or APT28.
"These devices became points of ingress from which the actor established a presence on the network and continued looking for further access.
"Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data," officials with the Microsoft Threat Intelligence Center wrote in a blog post on Monday.
Several sources estimate that by the year 2020, some 50 billion IoT devices will be deployed worldwide.
IoT devices are purposefully designed to connect to a network and many are simply connected to the Internet with little management or oversight.
"Over the last 12 months, Microsoft has delivered nearly 1,400 nation-state notifications to those who have been targeted or compromised by STRONTIUM. One in five notifications of STRONTIUM activity were tied to attacks against non-governmental organisations, think tanks, or politically affiliated organisations around the world," the Microsoft researchers added.
The remaining 80 per cent of STRONTIUM attacks have targeted organisations in the government, IT, military, defence, medicine, education and engineering sectors.