Microsoft Threat Intelligence Center has found a malicious actor that has been persistently trying to gain entry into organizations’ networks through IoT devices. Microsoft found this actor trying to compromise popular IoT devices across multiple customer locations.
Further investigation into the matter led to the discovery that the actor was using the devices to gain access to corporate networks. Microsoft in its blog wrote: “In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords and in the third instance the latest security update had not been applied to the device.”
Microsoft believes that this activity is attributable to a group referred to as STRONTIUM. The group is also known as Fancy Bear and APT28. Although Microsoft has carried out a thorough investigation into the infiltration attempts, it could not conclusively determine what the group’s objectives were.
The company further mentioned in its blog that it had delivered almost 1400 nation-state notifications to those targeted by this group in the past twelve months. Beyond this, Microsoft observed that 80% of these attacks by STRONTIUM targeted organizations in the government, military, defense, medicine, IT, education, and engineering sectors.
Microsoft has urged organizations to carry out better enterprise integration of IoT devices to prevent such attacks.