Russian Hackers Are Now Attacking Popular IoT Devices, Says Microsoft

The cybercriminal group Fancy Bear, which is believed to be linked to the Russian government, has started hacking popular Internet of Things (IoT) devices to gain a foothold in targeted corporate networks. This information comes from security researchers at Microsoft.

The Microsoft Threat Intelligence Center first detected Fancy Bear’s attacks in April. The experts then conducted a deeper analysis of the malicious campaign and concluded that the criminals were compromising popular IoT devices, including VoIP softphones, office printers, and video decoders.

The attackers used these compromised devices to infiltrate the target’s corporate network. The success of these attacks was often due to the use of default manufacturer credentials that company employees had not changed. In one case, the device owners simply hadn’t installed the latest security update in time.

Fancy Bear’s main goal is to gain access to important corporate data. To achieve this, the criminals move laterally through the network, searching for other vulnerable devices and attempting to compromise accounts with higher privileges.

“Over the past year, Microsoft has notified about 1,400 organizations that have been affected by Fancy Bear’s cybercriminal activities,” the Microsoft team wrote.