State-sponsored hackers use IoT devices to breach enterprise networks

Hackers use IoT devices to breach enterprise networks

State sponsored Russian hackers have recently compromised insecure Internet of Things (IoT) devices to breach enterprise networks.

Researchers from the Microsoft Threat Intelligence Center security team spotted the hacker activity in April after noticing several IoT devices from multiple customers were communicating with known adversary infrastructure.

According to Microsoft, a cyber espionage group dubbed Strontium compromised three different types of IoT devices: a VOIP phone, an office printer and a video decoder. Consequently, the hackers were then able to use the devices to gain a foothold into corporate networks.

Insecure IoT devices

The bad actors simply used default vendor-provided passwords to compromise two of the devices. In the other case, the device was missing the latest software updates. Once devices were compromised, the actors then ran network scans to find other insecure devices. In turn, the hackers then searched for privileged accounts that could given them access to sensitive data.

“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation,” Microsoft stated in a blog post.

“As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting.”

The Microsoft analysis of network traffic concluded these compromised devices were communicating to an external command and control (C2) system. The company added nearly 1400 organizations were notified of either being targeted or compromised. Nearly 80% of the attacks targeted organizations in government, IT, military, defense, medicine, education, and engineering sectors.

As recently as this May, other attackers used a new variant of Mirai to exploit up to 13 different vulnerabilities and compromise IoT devices in a new wave of attacks. Similarly, Miori malware and others like it have also exploited insecure IoT devices in recent years.

In conclusion, Microsoft warned organizations should pay closer attention to IoT device security.

“These simple attacks taking advantage of weak device management are likely to expand as more IoT devices are deployed in corporate environments,” Microsoft added.