Microsoft Exposes Russian Cyberattacks on Phones, Printers, Video Decoders
The Russian hacking group known for stealing sensitive emails from the Democratic National Committee during the 2016 presidential election season has been cracking into printers, phones and video decoders to gain access to corporate networks, the Microsoft Security Response Center Team reported on Monday.
The group, known by a number of names including “Strontium,” “Fancy Bear” and “APT 28,” accessed the devices by using the manufacturer’s default password or exploiting an unpatched flaw, Microsoft discovered.
After cracking a device, the intruders accessed its corporate network and scanned for more insecure devices, moving across the net and compromising high-privilege accounts with high-value data.
As the intruders moved from one device to another, they dropped a simple shell script to establish persistence on the network, allowing extended access for continued hunting, Microsoft noted.
What were the hackers seeking?
“Since we identified these attacks in the early stages, we have not been able to conclusively determine what Strontium’s ultimate objectives were in these intrusions,” the MSRC Team’s report states.