Tue. Feb 25th, 2020

Microsoft warns Fancy Bear is trying to exploit vulnerabilities on IoT devices


Microsoft’s Threat Intelligence Centre reported that the Russian hacker group Fancy Bear has been trying to penetrate corporate networks through Internet of Things devices such as VoIP phones and printers. The group, also known as the Strontium Group or APT 28, is widely suspected to be controlled by the Russian Military Intelligence agency GOV. The organization has successfully infected more than 500,000 consumer-grade routers in more than 50 different countries.


In April of this year, the hackers attempted to target enterprise IoT devices and use these “soft points” to penetrate enterprise networks with larger specifications and stricter security measures. One route is to exploit the default factory settings of IoT devices. The other is to exploit outdated firmware in IoT devices that contains known vulnerabilities.

Microsoft explains:

Upon conclusion of our investigation, we shared this information with the manufacturers of the specific devices involved and they have used this event to explore new protections in their products.

However, there is a need for broader focus across IoT in general, both from security teams at organisations that need to be more aware of these types of threats, as well as from IoT device makers who need to provide better enterprise support and monitoring capabilities to make it easier for security teams to defend their networks.