Microsoft: Russian Hackers Targeted Companies Through IoT Hardware


This site may earn affiliate commissions from the links on this page. Terms of use.

The ever-growing network of the internet of things (IoT) can make life more convenient by automating your home and delivering data wherever you are. However, all those internet-connected devices can also provide a massive attack surface for online criminals. We’ve already seen malware that targets IoT hardware, but now Microsoft says it has uncovered a coordinated hacking campaign focused on government, political groups, and charities via devices like printers and VoIP phones. 

Microsoft’s Threat Intelligence Center says a new wave of IoT hacks began in April of this year. It points the finger at a group known as Fancy Bear or Strontium, which is best known as the perpetrator of high-profile hacks supporting the Russian government. Naturally, Fancy Bear is linked to Russian military intelligence (GRU). Fancy Bear stole files from the Democratic National Committee in 2016 — those documents later appeared on Wikileaks, helping to damage Hilary Clinton’s presidential campaign. Later, it conducted the NotPetya ransomware attack on Ukraine and other countries. 

The new hacking operation takes aim at popular internet of things devices because they often escape normal security scrutiny. According to Microsoft, the hackers went after three popular devices: a VOIP phone, an office printer, and a video decoder. In many cases, these devices connect to the internet but have a default password or outdated security patches. That makes them an ideal entry point for an attacker to gain access to a larger network. From there, Fancy Bear used access to steal high-value data from other computers. 

Don’t pick up — it’s the hackers.

Microsoft only spotted this attack because it has insights into so many corporate networks via Windows software. It detected around 1,400 intrusions via IoT hardware. About 20 percent of the infiltrations have been at non-government organizations, think tanks, and other political organizations. The remaining 80 percent focused on government, military, technology firms, and other entities. The campaign even targeted Olympic organizing committees and anti-doping agencies, both of which have been problems for Russian interests. 

Microsoft offers a raft of suggestions for improving IoT security, which starts with securing approval before plugging in new IoT devices. Unauthorized hardware can circumvent many security measures on a network, as NASA found out recently. Microsoft also suggests setting up secure networks specifically for IoT hardware and monitoring the connections for unusual activity. You can see the full list in Microsoft’s blog post. 

Now read:




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something

Bellingcat journalists targeted by failed phishing attempt – gpgmail


Investigative news site Bellingcat has confirmed several of its staff were targeted by an attempted phishing attack on their ProtonMail accounts, which the journalists and the email provider say failed.

“Yet again, Bellingcat finds itself targeted by cyber attacks, almost certainly linked to our work on Russia,” wrote Eliot Higgins, founder of the investigative news site in a tweet. “I guess one way to measure our impact is how frequently agents of the Russian Federation try to attack it, be it their hackers, trolls, or media.”

News emerged that a small number of ProtonMail email accounts were targeted this week — several of which belonged to Bellingcat’s researchers who work on projects related to activities by the Russian government. A phishing email purportedly from ProtonMail itself asked users to change their email account passwords or generate new encryption keys through a similarly-named domain set up by the attackers. Records show the fake site was registered anonymously, according to an analysis by security researchers.

In a statement, ProtonMail said the phishing attacks “did not succeed” and denied that its systems or user accounts had been hacked or compromised.

“The most practical way to obtain email data from a ProtonMail user’s inbox is by compromising the user, as opposed to trying to compromise the service itself,” said ProtonMail’s chief executive Andy Yen. “For this reason, the attackers opted for a phishing campaign that targeted the journalists directly.”

Yen said the attackers tried to exploit an unpatched flaw in third-party software used by ProtonMail, which has yet to be fixed or disclosed by the software maker.

“This vulnerability, however, is not widely known and indicates a higher level of sophistication on the part of the attackers,” said Yen.

It’s not known conclusively who was behind the attack. However, both Bellingcat and ProtonMail said they believe certain tactics and indicators of the attack may point to hackers associated with the Russian government. For instance, the attack’s targets were Bellingcat’s researchers working on the ongoing investigation into the downing of flight MH17 by Russian forces and the use of a nerve agent in a targeted killing in the U.K.

Higgins said in a tweet that this week’s attempted attack likely targeted “in the tens” of people unlike earlier attacks attributed to the Russian government-backed hacker group, known as APT 28 or Fancy Bear.

Bellingcat in the past year has gained critical acclaim for its investigations into the Russian government, uncovering the names of the alleged Russian operatives behind the suspected missile attack that blew up Malaysian airliner MH17 in 2014. The research team also discovered the names of the Russian operatives who were since accused of poisoning former Russian intelligence agent Sergei Skripal and his daughter Yulia in a nerve agent attack in Salisbury, U.K. in 2018.

The researchers use open-source intelligence and information gathering where police, law enforcement and intelligence agencies often fail.

It’s not the first time that hackers have targeted Bellingcat. Its researchers were targeted several times in 2016 and 2017 following the breach on the Democratic National Committee which saw thousands of internal emails stolen and published online.

A phone call to the Russian consulate in New York requesting comment was not returned.




10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes. https://tempemail.co/– is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something