The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia’s GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to the company - a blog post from the company’s security response center issued Monday.
Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices - a VoIP phone, a video decoder and a printer (the company declined to specify the brands) - and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer’s default password, and the other one hadn’t had the latest security patch applied.
Devices compromised in this way acted as back doors to secured networks, allowing the attackers to freely scan those networks for further vulnerabilities, access additional systems, and gain more and more information. The attackers were also seen investigating administrative groups on compromised networks, in an attempt to gain still more access, as well as analyzing local subnet traffic for additional data.