Microsoft says the STRONTIUM hackers are closely linked to Russia

In a blog post released Monday by the Microsoft Security Response Center, the company said that STRONTIUM hackers carried out IoT-based attacks against Microsoft customers whose names it did not disclose. Security researchers believe the STRONTIUM hackers are closely tied to Russia's GRU military intelligence agency.

Microsoft said in the blog post that the attacks it discovered in April targeted three specific IoT devices: a VoIP phone, a video decoder and a printer (the company declined to specify the brands), and used them to gain access to unspecified corporate networks. Two of the devices were compromised because the manufacturer's default passwords had not been changed; the third had not had the latest security patch applied.

Devices compromised in this way became a backdoor into the network, allowing the attackers to freely scan these networks for further vulnerabilities and to access other systems for more information. During the investigation, the attackers were also found examining administrative groups on the compromised networks in an attempt to gain more access, and analyzing local subnet traffic for additional data.

STRONTIUM, also known as Fancy Bear, Pawn Storm, Sofacy and APT28, is believed to be behind a series of malicious cyber activities carried out on behalf of the Russian government, including the 2016 attack on the Democratic National Committee, attacks on the World Anti-Doping Agency, attacks on reporters investigating the shooting down of Malaysia Airlines Flight 17 over Ukraine, and sending death threats to the wives of US military personnel under a false flag.

According to an indictment released in July 2018 by the office of Special Counsel Robert Mueller, the STRONTIUM attacks were directed by a group of Russian officers, all of whom are wanted by the FBI in connection with these crimes.

Microsoft notifies customers when it finds they have been attacked by a nation-state, and it has sent about 1,400 notifications about STRONTIUM in the past 12 months. Microsoft said the majority (four-fifths) were attacks on government, military, defense, IT, medical, education and engineering organizations, and the rest targeted non-governmental organizations, think tanks and other "politically affiliated organizations."

According to the Microsoft team, the core of the vulnerability is that institutions lack full awareness of all the devices running on their networks. In addition, they recommend cataloging all IoT devices running in the enterprise environment, implementing a custom security policy for each device, isolating IoT devices on their own separate network where feasible, and performing periodic patch and configuration audits of IoT components.

Original from: https://linux.cn/article-11207-1.html

This article's address: https://www.linuxprobe.com/strontium-gru.html Editor: roc_guo, Reviewer: Zhang Wenxiang


Origin www.cnblogs.com/elsa-66/p/11544564.html