Microsoft observes Russian hackers actively attacking businesses through IoT devices

The group known as Fancy Bear has played a role in some of the biggest hacks of recent years

Growling Grizzly bear with Russian hat

Microsoft has said a high-profile Russian state-sponsored hacking group is actively attacking businesses through internet of things (IoT) devices.

The Redmond-based tech giant attributed the observed attacks to a group called STRONTIUM, also known as APT28 or Fancy Bear - the same group behind the cyber attack on the 2018 Winter Olympics in Pyeongchang.

Advertisement - Article continues below

Three separate IoT devices were used in the spotted attacks including a VOIP phone, an office printer and video decoder - they acted as entry points for the attackers to establish a foothold on the victims' networks.

Affected businesses spanned "multiple customer locations" according to Microsoft. After establishing the initial foothold, "a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data".

The IoT devices were compromised using easily preventable methods on the customer's part - examples of poor security practices that have been widely condemned by the industry.

In two cases, Microsoft note, the IoT device's default passwords had not been changed which made for easy access for hackers with basic knowledge of the device. Changing IoT device default passwords is standard industry practice but all too often the simple security procedure is overlooked.

Advertisement - Article continues below
Advertisement - Article continues below

In another instance, a victim organisation hadn't kept the device's firmware up to date which meant the attackers could exploit vulnerabilities that were probably patched in the device's latest update.

"While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives," said Microsoft. "These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments."

These two security errors highlight common industry malpractice regarding IoT devices; issues that could be easily prevented if the customer made security a priority. But James Slaby, director of cyber protection at Acronis, noted the blame shouldn't always be on the customer.

"IoT devices both for industrial and consumer applications have already demonstrated very little focus on cybersecurity," he said. "The reasons are simple: device manufacturers are financially incented by their investors to get their products to market as cheaply and as quickly as possible.

Advertisement - Article continues below

"Little thought is being given to architecting security into their products, and many devices are not capable of receiving patches or other updates to close vulnerabilities once they have been publicly identified," Slaby added. "They bear none of the costs of cyberattacks, so have little reason to spend on improving device security."

The Fancy Bear group has pulled off some other high-profile hacks in years gone by, including a role played in the 2016 hacking of the American presidential election.

In September 2018 Fancy Bear was accused of using rootkit malware to hack and assume control of government systems. It also exposed a document in 2017 showing which professional footballers were cleared to use banned medicines during the 2010 World Cup.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020

Most Popular

Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020