APT 28, hacker, Russia, FancyBear

Russia-linked hackers are gaining access to network systems through poorly configured devices, such as office printers and VOIP phones, BankInfoSecurity.com reports. It’s another warning related to “Internet of Things” devices.

The hackers are thought to be part of the Russian group known as “FancyBear” or APT 28 (Advanced Persistent Threat 28.) APT 28 is infamous for hacking into the Democratic National Committee network and the Clinton Campaign during the 2016 Presidential election.

The FBI has linked APT 28 to Russia’s intelligence service.

The latest warning comes from Microsoft, which has spent a lot of time battling APT 28. The company says the office systems access occurred in two ways.

One, organizations failed to change the default passwords set by the manufacturers on the office machines. In another instance, an organization failed to apply security updates to their devices.

Those vulnerabilities allowed the hackers to enter organization networks, look for other unsecured devices, and use those to hop across networks towards higher-value targets.

Microsoft said the hackers seemed particularly focused on organizations in government, IT, military, defense, medicine, education and engineering.

If you are concerned about the security of devices connected to your network, give us a call to discuss.