Russian hacking group STRONTIUM attacking corporate IoT devices

“Organizations are adopting smart devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer many opportunities for attackers.” Steve Durbin, Managing Director of the Information Security Forum

A state-backed Russian hacking group, dubbed STRONTIUM, has been attacking corporate IoT devices, according to a blog post recounting the findings of researchers at Microsoft Threat Intelligence Center.

In April, the researchers “discovered infrastructure of a known adversary communicating to several external devices as well as “attempts by the actor to compromise popular IoT devices (a VOIP phone, an office printer, and a video decoder) across multiple customer locations,” the Microsoft Security Response Center post noted. “The investigation uncovered that an actor had used these devices to gain initial access to corporate networks” and in two instances, their passwords “were deployed without changing the default manufacturer’s passwords” while in a “third instance the latest security update had not been applied to the device.”

Steve Durbin, managing director of the Information Security Forum, said “Organizations are adopting smart devices with enthusiasm, not realizing that these devices are often insecure by design and therefore offer many opportunities for attackers.”

Because the devices were created without security in mind but rather “to provide and process information at the lowest possible cost,” Durbin said, they pose a risk to organizations. “By maintaining an open connection to the individual’s home computer, a device which may, in turn, be connected to an employer’s network, it offers intruders a portal to inflicting damage that goes well beyond the owner’s home devices,”