Russian hackers spy on companies with insecure office devices

Russian state-sponsored hackers may be trying to spy on companies by hacking into vulnerable office IoT devices connected to their corporate network, according to Microsoft.

The group, known as STRONTIUM, has been active since at least 2007. They are credited with a long list of infamous work including breaking into the Democratic National Committee in 2016, the crippling NotPetya attacks against Ukraine in 2017, and targeting political groups in Europe and North America throughout 2018.

"In April, security researchers in the Microsoft Threat Intelligence Center discovered infrastructure of a known adversary communicating to several external devices," says Microsoft's report. "Further research uncovered attempts by the actor to compromise popular IoT devices (a VOIP phone, an office printer, and a video decoder) across multiple customer locations."

"After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets. They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting. Analysis of network traffic showed the devices were also communicating with an external command and control (C2) server."

Even though the attacks were attributed to the STRONTIUM cyberespionage group, Microsoft's researchers were unable to determine the end goal of these corporate intrusions because they were all detected within the early stages.

Read more -here-