Microsoft today warned that Russian government hackers have been using video decoders, printers, and internet of things devices to breach computer networks.
In a blog post, the Microsoft Threat Intelligence Center wrote that the “devices became points of ingress from which the actor established a presence on the network and continued looking for further access.”
According to the post, Microsoft’s security researchers first discovered the attacks in April, noting that the actor had breached an office printer, a VOIP phone, and a video decoder in multiple locations. Each was communicating with a server belonging to “Strontium,” a state-sponsored hacking group better known as Fancy Bear or APT28.
If the name sounds familiar, it should. Last year the FBI found the hacking group to be behind an infection affecting more than 500,000 routers in 54 countries. The group was also one of two believed to be behind the DNC hack ahead of the 2016 election. Rounding out its resumé, Strantium has also been linked to hacks involving the World Anti-Doping Agency, German Bundestag, France’s TV5Monde TV station and others, according to Ars Technica.
The <3 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!
In each case, according to Microsoft, bad security practices were to blame. The first two used default passwords, the easy-to-guess (or Google) defaults that the devices shipped with.
In the third instance, the device was running an older version firmware with a known vulnerability.
“While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives,” the report states.
Get the TNW newsletter
Get the most important tech news in your inbox each week.