Thursday, April 18, 2024
News

Fancy Bear is back to its old tricks of exploiting IoT and doing network recon

By Digitaltrends
Fancy Bear is back to its old tricks of exploiting IoT and doing network recon

Share

In a new intelligence report on threats was released this week by Microsoft, which claims to have detected resumed activity, in the form of Internet of Things (IoT) device compromise, from Russian hacking group Fancy Bear.

The group, alternatively known by its STRONTIU or APT28 designations and thought to be an arm of Russian state intelligence, was found to have taken control of networked appliances such as printers as a way of pivoting deeper into the network. Once inside, the attackers would then find vulnerable, secluded portions of it to establish persistence and, finally, phone home to command and control servers. According to Microsoft’s findings, the attackers primarily targeted critical government or civic infrastructure including political, defense, medical, and engineering networks. 

It is not clear whether the organizations whose networks were breached were the ultimate intended targets, or simply cover for hiding resources for later use. If the attribution to Fancy Bear is accurate, these reported intrusions would constitute the latest in a long string of attack from the group that depends heavily on IoT compromise. 

Fancy Bear is most famous for infiltrating the network of the Democratic National Committee in 2016, but their oeuvre is otherwise largely based on breaking into routers and other small network appliances. In 2017, the group turned its attention to hotel networks, which they seized control of by exploiting network equipment. The group followed that up with the VPNFilter attack last year, which also took over routers.

This recent pattern from Fancy Bear brings an evolving picture of the Russian state-sponsored hackers into sharper resolution. Whereas the group formerly appeared content to break into specific kinds of networks simply to monitor them, Fancy Bear’s attack on hotel Wi-Fi positioned them to spy on guests of those hotels. The IoT compromise that Microsoft detailed fits a new pattern of conducting reconnaissance on networks they breach and following up with corresponding next steps.

The fact that Fancy Bear’s predisposition toward IoT has not changed should come as no surprise, as the perennially weak security of this class of devices provides ample attack surface. It is for this reason that some of the biggest DDoS attacks to date have been executed by enormous global botnets of IoT devices, such as the Mirai botnet.

Editors’ Recommendations

  • https://www.digitaltrends.com/mobile/cybereason-apt10-network-hack-news/

  • https://www.digitaltrends.com/dtdeals/netgear-nighthawk-ax8-router-deal/

  • https://www.digitaltrends.com/home/best-alexa-enabled-devices/

  • https://www.digitaltrends.com/computing/insulin-pump-hack-medical-iot/

  • https://www.digitaltrends.com/cool-tech/soft-robot-fluidic-tether/






Read more

More News

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).
The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.
We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

Company

© AIVAnet