Microsoft today warned that Russian government hackers have been using video decoders, printers, and internet of things devices to breach computer networks.
In a blog post, the Microsoft Threat Intelligence Center wrote that the “devices became points of ingress from which the actor established a presence on the network and continued looking for further access.”
According to the post, Microsoft’s security researchers first discovered the attacks in April, noting that the actor had breached an office printer, a VOIP phone, and a video decoder in multiple locations. Each was communicating with a server belonging to “Strontium,” a state-sponsored hacking group better known as Fancy Bear or APT28.
If the name sounds familiar, it should. Last year the FBI found the hacking group to be behind an infection affecting more than 500,000 routers in 54 countries. The group was also one of two believed to be behind the DNC hack ahead of the 2016 election. Rounding out its resumé, Strontium has also been linked to hacks involving the World Anti-Doping Agency, German Bundestag, France’s TV5Monde TV station and others, according to Ars Technica.
In each case, according to Microsoft, bad security practices were to blame. In the first two, the devices were still using default passwords, the easy-to-guess (or Google) defaults that they shipped with.
In the third instance, the device was running an older version of its firmware with a known vulnerability.
“While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives,” the report states.