
douglas9

(4,358 posts)
Tue Aug 6, 2019, 12:17 PM Aug 2019

Microsoft catches Russian state hackers using IoT devices to breach networks

Hackers working for the Russian government have been using printers, video decoders, and other so-called Internet-of-things devices as a beachhead to penetrate targeted computer networks, Microsoft officials warned on Monday.

“These devices became points of ingress from which the actor established a presence on the network and continued looking for further access,” officials with the Microsoft Threat Intelligence Center wrote in a post. “Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.”

The officials continued:

After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server.

Microsoft researchers discovered the attacks in April, when a voice-over-IP phone, an office printer, and a video decoder in multiple customer locations were communicating with servers belonging to “Strontium,” a Russian government hacking group better known as Fancy Bear or APT28. In two cases, the passwords for the devices were the easily guessable default ones they shipped with. In the third instance, the device was running an old firmware version with a known vulnerability. While Microsoft officials concluded that Strontium was behind the attacks, they said they weren’t able to determine what the group’s ultimate objectives were.

https://arstechnica.com/information-technology/2019/08/microsoft-catches-russian-state-hackers-using-iot-devices-to-breach-networks/
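The Microsoft description above names two network behaviours a defender can look for at the flow level: an IoT device sweeping local subnets for other hosts, and an IoT device talking to an external command-and-control server. The following is an added illustration, not code from Microsoft or Ars Technica; the device inventory, the allowlist and the flow records are all constructed.

```python
"""Flag IoT devices showing the two network behaviours in Microsoft's write-up:
a scan of local subnets and traffic to an external command-and-control host.
Added illustration; flows, addresses and device names are constructed."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed asset inventory covering the device types the article names.
IOT_DEVICES = {"10.0.1.20": "voip-phone", "10.0.1.30": "office-printer",
               "10.0.1.40": "video-decoder"}
INTERNAL = ip_network("10.0.0.0/8")
# Constructed allowlist: the only external host these devices should reach
# (say, a vendor update service). Any other external peer is suspicious.
ALLOWED_EXTERNAL = {"198.51.100.10"}
SCAN_THRESHOLD = 8  # distinct internal hosts contacted before we call it a sweep

# Constructed flow records "src_ip dst_ip dst_port": the phone beacons to an
# unknown external host, the printer sweeps a neighbouring subnet on 445,
# the video decoder only talks to the allowed update server.
FLOWS = ["10.0.1.20 198.51.100.10 443", "10.0.1.20 203.0.113.77 443",
         "10.0.1.20 203.0.113.77 443", "10.0.1.40 198.51.100.10 443",
         "10.0.5.9 10.0.1.30 9100"] + [f"10.0.1.30 10.0.2.{i} 445" for i in range(1, 13)]

def parse_flows(lines):
    """Return (src, dst, port) tuples, skipping blank lines."""
    rows = []
    for line in lines:
        if line.strip():
            src, dst, port = line.split()
            rows.append((src, dst, int(port)))
    return rows

def analyse(rows):
    """Return {device: [alerts]} for IoT devices acting as scanner or C2 client."""
    internal_peers, external_peers = defaultdict(set), defaultdict(set)
    for src, dst, _port in rows:
        if src in IOT_DEVICES:            # only traffic originating from IoT devices
            if ip_address(dst) in INTERNAL:
                internal_peers[src].add(dst)
            elif dst not in ALLOWED_EXTERNAL:
                external_peers[src].add(dst)
    findings = {}
    for ip, name in IOT_DEVICES.items():
        alerts = []
        if len(internal_peers[ip]) >= SCAN_THRESHOLD:
            alerts.append(f"internal sweep of {len(internal_peers[ip])} hosts")
        for peer in sorted(external_peers[ip]):
            alerts.append(f"unexpected external peer {peer} (possible C2)")
        if alerts:
            findings[f"{name} {ip}"] = alerts
    return findings
```

Run `analyse(parse_flows(FLOWS))` to see the phone flagged for the unknown external peer and the printer for the subnet sweep, while the decoder, which only reaches the allowed host, produces nothing.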




uponit7771

(90,347 posts)
1. K&R, I've been saying since the Mueller report that DMZs, front/back NICs, whatever, is out
Tue Aug 6, 2019, 12:19 PM
Aug 2019

... of date now.

The Russians are behind security and the main reason we need to audit elections


Wellstone ruled

(34,661 posts)
2. Boys and girls, we have been forewarned.
Tue Aug 6, 2019, 01:23 PM
Aug 2019

Notice how Mickey Soft would not state the ultimate objectives, meaning we do not want to get involved.

nykym

(3,063 posts)
4. Can't the US companies set up
Tue Aug 6, 2019, 01:28 PM
Aug 2019

a Trojan Horse kind of thing that would allow hackers to gain access to that particular fake account,
which could then install kill software and bring down the Russian system? Or am I watching too many action cyber movies?

Sapient Donkey

(1,568 posts)
7. Places do set up honeypots for various reasons.
Tue Aug 6, 2019, 02:10 PM
Aug 2019

They are mostly used to study the methods and tactics of attackers. I'm sure they could attempt to do things similar to what you suggest (and I wouldn't be surprised if some folks do), but I can only imagine how much the idea of it freaks out corporate lawyers.

But even if such things are implemented and they are successful, it also requires the attackers to have screwed up in keeping themselves isolated from anything important on their side. And really, what all can they take down on their side? It's just whack-a-mole when it comes to the attackers. Take down all of Russia's (or China's) internet? That might not go over too well, and we could do that without needing access to the attacker's system. Passive observation of their network and systems would be more useful in combating them. Really just need to proactively monitor our systems and networks, and take steps to stop them before they come in or as they come in.

At least that is my take on it. I could be totally wrong with my assessments.

Sapient Donkey

(1,568 posts)
8. I worked in a security operations center as an analyst (sounds cooler than it is, I think)
Tue Aug 6, 2019, 02:28 PM
Aug 2019

It was just a constant bombardment coming in from both China and Russia. The vast majority of it was automated probings and throwing whatever they could at systems, but it never ended.
