Shulou(Shulou.com)06/02 Report--

In a blog post posted by the Microsoft Security response Center on Monday, the company said that the STRONTIUM hacker group had carried out IoT-based attacks on unnamed Microsoft customers, and security researchers believed that the STRONTIUM hacker group had a close relationship with Russia's GRU military intelligence agency.

Microsoft said in a blog post that the attacks it discovered in April targeted three specific Internet of things devices: a VoIP phone, a video decoder and a printer (the company declined to identify brands) and used them to gain access to unspecified corporate networks. Two of the devices were compromised because they did not change the manufacturer's default password, while the other device did not apply the latest security patch.

Devices attacked in this way become the backdoor to secure networks, allowing attackers to scan these networks freely for further vulnerabilities and access other systems for more information. Attackers are also found investigating administrative groups on the compromised network, trying to gain more access, and analyzing local subnet traffic for other data.

STRONTIUM, also known as Fancy Bear, Pawn Storm, Sofacy and APT28, is believed to be behind a series of malicious cyber activities on behalf of the Russian government, including the attack on the Democratic National Committee in 2016, the attack on the World Anti-Doping Agency, an investigation into the shooting down of Malaysia Airlines Flight 17 over Ukraine, and a fabricated death threat to the wives of American soldiers.

According to an indictment issued by the office of Special adviser Robert Muller in July 2018, the STRONTIUM attack was directed by a group of Russian military officers, all of whom were wanted by the FBI in connection with these crimes.

Microsoft notified customers that it had been attacked by a nation-state and sent about 1400 STRONTIUM-related notifications in the past 12 months. Microsoft said most of them (4/5) were attacks on government, military, defence, IT, medicine, education and engineering organizations, while the rest were non-governmental organizations, think tanks and other "political affiliates".

According to the Microsoft team, the core of the vulnerability is an organization's lack of full understanding of all the devices running on its network. In addition, they recommend cataloging all IoT devices running in an enterprise environment, implementing custom security policies for each device, shielding Internet of things devices on separate networks where feasible, and performing periodic patches and configuration audits of Internet of things components.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.