Fancy Bear hackers used IoT devices to hack corporate networks


A state-sponsored hacking group from Russia is targeting IoT devices in order to breach corporate networks, which it then uses to pivot to higher-value targets.

According to the Microsoft Threat Intelligence Center, attacks have been observed in the wild, and Microsoft attributes them to a group it calls Strontium, which is also commonly known as either APT 28 or Fancy Bear.

The group played a significant role in the DNC hack of 2016 and, thanks to an indictment filed in 2018 by US officials, we now know that it has been identified as Unit 26165 and Unit 74455 of the Russian military intelligence agency GRU.

Back in April of this year, Microsoft's security researchers discovered that Fancy Bear attempted “to compromise popular IoT devices across multiple customer locations”.

IoT security

According to Microsoft, Fancy Bear tried to gain access to a VoIP phone, an office printer and a video decoder. The company provided further details on its investigation into the group's activities in a blog post, saying:

“The investigation uncovered that an actor had used these devices to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords and in the third instance the latest security update had not been applied to the device.”

Apparently the hackers were using compromised IoT devices as an entry point into their targets' internal networks. Once inside, they would scan for other vulnerable systems, which they then used to expand their initial foothold.

Fortunately, Microsoft was able to block these attacks in their early stages, but this means that its investigators won't be able to determine exactly what Fancy Bear was attempting to steal from the compromised networks. The company will reveal additional details regarding Fancy Bear's activities at this year's Black Hat USA security conference.

IoT devices are increasingly under attack by hackers because many of them are protected by just a default password. That is why the first thing you should do when setting up a new device is change its password to something both unique and strong.

Via ZDNet

Anthony Spadafora
