Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights into the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
Strontium (APT28) has resurfaced, this time targeting VoIP phones, printers, and video decoders. Attacks have been observed in the wild, according to the Microsoft Threat Intelligence Center, one of the OS maker’s cyber-security divisions. The hacker group tried to exploit a VoIP phone, an office printer, and a video decoder, Microsoft said.
The investigation uncovered that an actor had used these devices to gain initial access to corporate networks. In two of the cases, the devices were deployed without changing the manufacturer’s default passwords, and in the third instance the latest security update had not been applied to the device.
Microsoft said hackers used the compromised IoT devices as an entry point into their targets’ internal networks, where they’d scan for other vulnerable systems to expand this initial foothold.
“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets,” Microsoft said.
“They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting.”
Microsoft said it identified and blocked these attacks in their early stages, so its investigators weren’t able to determine what Strontium was trying to steal from the compromised networks.
IP(s) / Hostname(s)
Block threat indicators at your respective controls.
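The internal scanning described above, where a compromised IoT device looks for other vulnerable systems, can be watched for in flow records, since phones, printers and decoders rarely run an endpoint agent. The following Python is an added example, not part of the original advisory or Microsoft's report; the device inventory, address range, thresholds and flow records are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed inventory of the device classes named in the advisory.
IOT_DEVICES = {"10.0.5.20": "voip-phone", "10.0.5.31": "printer",
               "10.0.5.44": "video-decoder"}
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address space
WINDOW = timedelta(minutes=5)        # assumed tuning values
MAX_PEERS = 5

# Constructed flow records: "timestamp src dst dst_port"
SAMPLE_FLOWS = [
    "2024-01-01T10:00:00 10.0.5.31 10.0.1.10 9100",   # printer -> print server
    "2024-01-01T10:00:05 10.0.5.20 10.0.1.5 5060",    # phone -> PBX
    "2024-01-01T10:03:00 10.0.5.20 203.0.113.9 5060", # external, ignored here
] + [f"2024-01-01T10:01:{i:02d} 10.0.5.44 10.0.2.{i} 445" for i in range(1, 9)]

def parse(line):
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_fanout(lines, window=WINDOW, max_peers=MAX_PEERS):
    """Alert once per IoT device that contacts more than max_peers
    distinct internal hosts inside a sliding time window."""
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still in window
    alerted, alerts = set(), []
    for ts, src, dst, _port in sorted(parse(l) for l in lines if l.strip()):
        if src not in IOT_DEVICES or ip_address(dst) not in INTERNAL:
            continue
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:  # drop flows older than the window
            q.popleft()
        peers = {d for _, d in q}
        if len(peers) > max_peers and src not in alerted:
            alerted.add(src)
            alerts.append({"device": src, "kind": IOT_DEVICES[src],
                           "first_seen": ts, "peers": len(peers)})
    return alerts

if __name__ == "__main__":
    for a in find_fanout(SAMPLE_FLOWS):
        print(f"{a['first_seen']} {a['kind']} {a['device']} "
              f"reached {a['peers']} internal hosts in {WINDOW}")
```

Tune `MAX_PEERS` against each device class's normal traffic; a printer or phone usually talks to a handful of fixed servers, so a low threshold is workable.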