Those in the United States are well aware of the Russian government hacking efforts with investigations showing the 2016 election was hacked. Intelligence says it’s still going on; Russia is still interfering in U.S. elections and are looking to do so again in 2020.
But elections aren’t the only things Russia has an interest in. Microsoft has warned that the Russian government hackers have been breaching computer networks by using Internet of things devices, as well as video decoders and printers.
We’ve warned often on this website that IoT devices carry a certain amount of danger with them. They connect to the Internet, and they carry data. This means they can easily become a target. It’s just as important to make sure your IoT devices are secure as your phone or computer.
The Microsoft Threat Intelligence Center wrote in a blog post that the “devices became points of ingress from which the actor established a presence on the network and continued looking for further access.”
The post explained that the security researchers with Microsoft initially discovered these attacks back in April. An office printer, a VOIP phone, and a video decoder were breached in multiple locations. All of them had been communicating with a server known to belong to the state-sponsored hacking group “Strontium.”
You may know them better as Fancy Bear or APT28. Last year the FBI identified this same group as being behind more than 500,000 routers in fifty-four countries that were infected. They are also one of the groups thought to be behind the hacking emails in the 2016 election. They’ve been linked to hacks involving the World Anti-Doping Agency, German Bundestag, France’s TV5Monde TV station, and others.
Bad security practices were to be blamed in each case. This included using default passwords that the devices were shipped with. In one of the above instances, the device was running older firmware with a known issue.
“While much of the industry focuses on the threats of hardware implants,” adds the Microsoft blog post, “we can see in this example that adversaries are happy to exploit simpler configurations and security issues to achieve their objectives.”
Securing Your IoT Devices
Are you giving the evil eye to your Amazon Echo and Apple Watch right now, wondering if they are exposing all your secrets to the Russian government?
Read our article on How to Properly Secure an IoT Device to give yourself some peace of mind. Then chime into the comments below and let us know what you think about the Russian government hackers using our IoT devices as tools.