General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsMicrosoft catches Russian state hackers using IoT devices to breach networks
Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday.
These devices became points of ingress from which the actor established a presence on the network and continued looking for further access, officials with the Microsoft Threat Intelligence Center wrote in a post. Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.
The officials continued:
After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server.
Microsoft researchers discovered the attacks in April, when a voice-over-IP phone, an office printer, and a video decoder in multiple customer locations were communicating with servers belonging to Strontium, a Russian government hacking group better known as Fancy Bear or APT28. In two cases, the passwords for the devices were the easily guessable default ones they shipped with. In the third instance, the device was running an old firmware version with a known vulnerability. While Microsoft officials concluded that Strontium was behind the attacks, they said they werent able to determine what the groups ultimate objectives were.
https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/
uponit7771
(90,347 posts)... of date now.
The Russians are behind security and the main reason we need to audit elections
Wellstone ruled
(34,661 posts)Notice how Mickey Soft would not state the Ultimate objectives,meaning we do not want to get involved.
dalton99a
(81,515 posts)nykym
(3,063 posts)a Trojan Hoese kind of thing that would allow hackers to gain access to that particular fake account.
Which could then install kill software and bring down the Russian Sytem, or am i watching too many action cyber movies?
Sapient Donkey
(1,568 posts)They are mostly used to study the methods and tactics of attackers. I'm sure they could attempt to do things similar to what you suggest (and I wouldn't be surprised if some folks do), but I can only imagine how much the idea of it freaks out corporate lawyers.
But even if such things are implemented and they are successful, it also requires the attackers to have screwed up in keeping themselves isolated from anything important on their side. And really, what all can they take down on their side? It's just whack-a-mole when it comes to the attackers. Take down all of Russia's (or China's) internet? That might not go over too well, and we could do that without needing access to the attacker's system. Passive observation of their network and systems would be more useful in combating them. Really just need to proactively monitor our systems and networks, and take steps to stop them before they come in or as they come in.
At least that is my take on it. I could be totally wrong with my assessments.
BSdetect
(8,998 posts)Sapient Donkey
(1,568 posts)It was just a constant bombardment coming in from both China and Russia. The vast majority of it was automated probings and throwing whatever they could at systems, but it never ended.
durablend
(7,460 posts)Elections are perfectly safe and secure