Hackers belonging to Russia’s elite state-sponsored hacking groups have been using printers, video decoders and other so-called Internet-of-Thing (IoT) devices as a way to breach corporate networks, Microsoft officials have warned.
Researchers at the tech giant uncovered the attacks in April when a voice-over-IP phone, an office printer and a video decoder in multiple customer locations were communicating with servers belonging to STRONTIUM — a Russian government hacking group better known as Fancy Bear or APT28. “These devices became points of ingress from which the actor established a presence on the network and continued looking for further access.
“Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data,” officials with the Microsoft Threat Intelligence Center wrote in a blog post on Monday.
Several sources estimate that by the year 2020, some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the Internet with little management or oversight.
“Over the last 12 months, Microsoft has delivered nearly 1,400 nation-state notifications to those who have been targeted or compromised by STRONTIUM. One in five notifications of STRONTIUM activity were tied to attacks against non-governmental organisations, think tanks, or politically affiliated organisations around the world,” the Microsoft researchers added.
The remaining 80 per cent of STRONTIUM attacks have targeted organisations in the government, IT, military, defence, medicine, education and engineering. (IANS)
Hackers based in China have targeted at least 27 universities in the United States in search of maritime military secrets, security research firm iDefense has found as part of ongoing research.
According to a threat report by iDefense, the security research arm of Accenture, Chinese hacking groups have targeted 27 U.S. universities, and the number may rise as their research continues.
The hackers use spear phishing, meaning that they pose as partner universities to the target.
If the e-mails are opened, they unleash malware that allows hackers based in China to access stored research, iDefense reported.
The Massachusetts Institute of Technology (MIT) was among the targets, which also included the University of Washington, it said.
The Wall Street Journal reported that Penn State and Duke University were also targeted.
All of the targets had researchers working on submarine technology or related fields, including oceanography.
iDefense said the hackers are likely affiliated with a group known as MUDCARP, and also referred to as TEMP.PERISCOPE, Periscope and Leviathan.
“Collection requirements appear to include several very specific submarine technologies produced by multiple cleared defence contractors (and their respective supply chains),” iDefense’s report said.
“Any technology or program that involves the delivery or launching of a payload from a submerged submarine, or undersea autonomous vehicles, is of high interest to MUDCARP,” it said.
The report comes after a March 4 report by FireEye, where researchers looking into the activities of MUDCARP, which it names APT40 (advanced persistent threat) were fairly confident that it had Chinese state backing.
It said the group targets organizations operating in Southeast Asia, especially relating to recent elections there, or linked to the South China Sea disputes and other actors who could affect the Chinese Communist Party’s Belt and Road infrastructure development plan, the FireEye report said.
“APT40 uses a variety of malware and tools to establish a foothold, many of which are either publicly available or used by other threat groups,” it said. “APT40 will often target VPN and remote desktop credentials to establish a foothold in a targeted environment.”
Once the foothold is established, APT40 “uses a mix of custom and publicly available … tools to escalate privileges,” it said, including online dumps of leaked user data.
Chieh Chung, a research fellow at the National Policy Foundation on the democratic island of Taiwan, said China’s People’s Liberation Army (PLA) has been putting huge resources into to developing its navy in recent years.
“[Information about] the Yellow Sea, the East China Sea, and the hydrological environment associated with the South China Sea are very important for maritime operations, especially for submarines,” Chieh told RFA.
“If [they] use such methods to collect data stored in other countries over a long period of time, they will succeed in filling the gaps in their own data pretty quickly,” he said.
“Much of this information, especially seabed topography, seawater salinity changes, and so on, are deemed classified by many countries.”
Chieh said it wouldn’t always be obvious to victims that they are being “phished,” because e-mails could be sent by researchers in the same field, while attachments could be articles or reports on hydrology.
“They may even pretend to be a sender with whom [the target] has a real-life connection, and trick them into opening the e-mail that way,” he said.
Lin Ying-yu of Taiwan’s Chungcheng University said the key to preventing cyberattacks still resides with people, rather than defensive software.
“The focus is on users’ habits and awareness of information security,” Lin said. “All students and employees need to know that this threat exists.”
He said cyber attacks originating in China have shown a resurgence in recent years after a relatively quiet period.
Chinese rights activist and tech expert Pu Fei said the only effective way to prevent such attacks is through “air gaps”: physical barriers between classified material and the internet.