Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Security Microsoft Network Privacy

Microsoft Catches Russian State Hackers Using IoT Devices To Breach Networks (arstechnica.com) 99

An anonymous reader quotes a report from Ars Technica: Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday. "These devices became points of ingress from which the actor established a presence on the network and continued looking for further access," officials with the Microsoft Threat Intelligence Center wrote in a post. "Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data."

Microsoft researchers discovered the attacks in April, when a voice-over-IP phone, an office printer, and a video decoder in multiple customer locations were communicating with servers belonging to "Strontium," a Russian government hacking group better known as Fancy Bear or APT28. In two cases, the passwords for the devices were the easily guessable default ones they shipped with. In the third instance, the device was running an old firmware version with a known vulnerability. While Microsoft officials concluded that Strontium was behind the attacks, they said they weren't able to determine what the group's ultimate objectives were.
Microsoft says they have notified the makers of the targeted IoT devices so they can add new protections. "Monday's report also provided IP addresses and scripts organizations can use to detect if they have also been targeted or infected," adds Ars Technica. "Beyond that, Monday's report reminded people that, despite Strontium's above-average hacking abilities, an IoT device is often all it needs to gain access to a targeted network."
This discussion has been archived. No new comments can be posted.

Microsoft Catches Russian State Hackers Using IoT Devices To Breach Networks

Comments Filter:
  • by Anonymous Coward

    ...does my egg timer need a Token Net connection?

    • Re:Why... (Score:5, Funny)

      by Opportunist ( 166417 ) on Tuesday August 06, 2019 @09:02AM (#59050182)

      How else could the manufacturer monetize your egg eating habits?

    • Re:Why... (Score:4, Interesting)

      by OzPeter ( 195038 ) on Tuesday August 06, 2019 @09:11AM (#59050240)

      ...does my egg timer need a Token Net connection?

      Because the fundamental usage of your egg timer is to measure a fixed period of time. The designers of your egg timer decided that rather than rely on their inaccurate hardware, they would instead use NTP to query a reliable time source. Thus allowing them to time your eggs with the accuracy of an atomic clock.

      • by wings ( 27310 )

        ...does my egg timer need a Token Net connection?

        It keeps your egg timer from blinking 12:00.

  • by Anonymous Coward on Tuesday August 06, 2019 @08:10AM (#59049936)

    Did they set the Russian spy bit in the IP header? The evil bit would be insufficient to determine they were Russian as there are also evil Iranians, North Koreans and Chinese...

    • by Anonymous Coward

      Intelligence. Read about those 12 Russians indicted by name for the DNC hack to get a brief idea about how much intelligence they have.

      https://edition.cnn.com/2018/07/13/politics/russia-investigation-indictments/index.html

      "Defendant VIKTOR BORISOVICH NETYKSHO () was the Russian military officer in command of Unit 26165, located at 20 Komsomolskiy Prospekt, Moscow, Russia. Unit 26165 had primary responsibility for hacking the DCCC and DNC, as well as the email accounts of individuals affiliated

    • by Zocalo ( 252965 ) on Tuesday August 06, 2019 @09:49AM (#59050474) Homepage
      It's often largely circumstantial, but generally APT groups are assigned a country based on metadata. The typical Slashdot reader pretty much assumes that Google, Facebook, etc. can build almost complete profiles of individuals, and it's the same process here only applied to coding groups. Individually, things like snippets of code that have been reused, IPs used, hosting providers used, crypto wallets used, etc. might not be very strong evidence, but when you have a combination of several of those with strong links to given groups, you can start putting a case together. If you can gain visibility of C2 server traffic or a private chat area, then get lucky with some bad OpSec then it's not unheard of for researchers to identify things like specific individuals or IPs assigned directly to government intelligence agencies.
  • Facebook, Google, Amazon etc are all spying on people and collecting insane amounts of data. They do it with your personal computer, phones and tablets. Aka trojan horses designed to gather as much information as they can about your mind, habits and lifestyle.
    • by tripleevenfall ( 1990004 ) on Tuesday August 06, 2019 @08:25AM (#59050010)

      Spying with the knowledge and permission of the rube involved is entirely different.

    • Facebook, Google, Amazon etc are all spying on people and collecting insane amounts of data. They do it with your personal computer, phones and tablets. Aka trojan horses designed to gather as much information as they can about your mind, habits and lifestyle.

      Yeah, if you think that what you just equated is equal, you have some fascinating synapses.

      So anyhow, good old Slashdot, where deflection and howaboutism is part of some people's jobs.

    • True. But at least they provide a service when doing so AND I can choose to not be spied on by them.

      Try again when it's something we buy from Russia that's spying on us, and not if we don't buy it.

  • by John.Banister ( 1291556 ) * on Tuesday August 06, 2019 @08:45AM (#59050108) Homepage
    I like Microsoft better already.
  • by BringsApples ( 3418089 ) on Tuesday August 06, 2019 @09:18AM (#59050282)

    Thank God Micorosoft has the technology in place to know when Russian Hackers are at work. [[rolls eyes]]

  • Comment removed (Score:4, Interesting)

    by account_deleted ( 4530225 ) on Tuesday August 06, 2019 @09:23AM (#59050326)
    Comment removed based on user account deletion
    • by kackle ( 910159 )

      There are laws about that for other things, like food, cars and toys. So why not for things that require a password.

      Because then you have to hire/build government department(s) to watch/enforce/prosecute those laws, forever.

      It sounds like more (inefficient) expense to this taxpayer.

    • Hyperbole is pronounced 'Hy per bo lee'. It's an understandable mistake if you're more literate than your social network.

  • “Every time he (Putin) sees me he says, ‘I didn’t do that,’ and I really believe that, when he tells me that, he means it,” - Donald J Trump
    https://ru.reuters.com/article... [reuters.com]
  • I love to collect information related to the technology and from this article, I got to the networks breaching using IoT device also can check https://www.printersrepairnear... [printersrepairnearme.com] if anyone is interested to know information related to the technology.
  • I got a lot of laughter and so many tin foil hat comments when I said that having all these smart gadgets was going to be bad. Now, since all your smart locks, doorbells, printers, lights, thermostats and all other nifty gadgets have no security, now who's laughing? Apparently, its not that hard to get past the best smart locks. The big concern should be the real infrastructure like natural gas pipe lines.

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...