Microsoft says default passwords, unpatched devices, poor inventory of IoT gear led to exploits against companies by Russia's STRONTIUM hacking group. Credit: Zmeel / Getty Images The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia’s GRU military intelligence agency, was responsible for an IoT-based attack on unnamed Microsoft customers, according to the company. a blog post from the company’s security response center issued Monday. Microsoft said in a blog that the attack, which it discovered in April, targeted three specific IoT devices – a VoIP phone, a video decoder and a printer (the company declined to specify the brands) – and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer’s default password, and the other one hadn’t had the latest security patch applied. Devices compromised in this way acted as back doors to secured networks, allowing the attackers to freely scan those networks for further vulnerabilities, access additional systems, and gain more and more information. The attackers were also seen investigating administrative groups on compromised networks, in an attempt to gain still more access, as well as analyzing local subnet traffic for additional data. STRONTIUM, which has also been referred to as Fancy Bear, Pawn Storm, Sofacy and APT28, is thought to be behind a host of malicious cyber-activity undertaken on behalf of the Russian government, including the 2016 hack of the Democratic National Committee, attacks on the World Anti-Doping Agency, the targeting of journalists investigating the shoot-down of Malaysia Airlines Flight 17 over Ukraine, sending death threats to the wives of U.S. military personnel under a false flag and much more. According to an indictment released in July 2018 by the office of Special Counsel Robert Mueller, the architects of the STRONTIUM attacks are a group of Russian military officers, all of whom are wanted by the FBI in connection with those crimes. Microsoft notifies customers that it discovers are attacked by nation-states and has delivered about 1,400 such notifications related to STRONTIUM over the past 12 months. Most of those – four in five – went to organizations in the government, military, defense, IT, medicine, education and engineering sectors, and the remainder were for NGOs, think-tanks and other “politically affiliated organizations,” Microsoft said. The heart of the vulnerability, according to the Microsoft team, was a lack of full awareness by institutions of all the devices running on their networks. They recommended, among other things, cataloguing all IoT devices running in a corporate environment, implementing custom security policies for each device, walling off IoT devices on their own separate networks wherever practical, and performing regular patch and configuration audits on IoT gadgets. Related content news AI features boost Cisco's Panoptica application security software Cisco pads cloud-native security platform Panoptica with features that help customers protect containerized, microservice applications. By Michael Cooney May 07, 2024 5 mins Network Security Cloud Computing news analysis Red Hat extends Lightspeed generative AI tool to OpenShift and Enterprise Linux Red Hat's Lightspeed, a gen AI-powered assistant, will be extended to RHEL and OpenShift to help enterprises that want to use Linux, automation, and hybrid clouds but may not have the skills in house. By Maria Korolov May 07, 2024 4 mins Linux Network Management Software Servers news analysis Red Hat introduces 'policy as code' for Ansible New 'policy as code' capability for the Red Hat Ansible automation platform is aimed at reducing human error and the cost of implementing compliance directives. By Maria Korolov May 07, 2024 5 mins Linux Network Management Software news Riverbed launches AI-powered observability platform A new agent and updated capabilities across Riverbed's product portfolio are designed to improve network observability, enable AI-driven automation, and provide data-driven insights for enterprise IT managers. By Denise Dubie May 07, 2024 6 mins Network Management Software Network Monitoring PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe