
Rewterz Threat Alert – Russian State Hackers are using IoT Devices to Breach Enterprise Networks

August 6, 2019

Severity

High

Analysis Summary

Strontium (APT28) has resurfaced, this time targeting VoIP phones, printers, and video decoders. The Microsoft Threat Intelligence Center, one of the OS maker’s cyber-security divisions, reported that the attacks have been observed in the wild: the group tried to exploit a VoIP phone, an office printer, and a video decoder.

The investigation uncovered that the actor had used these devices to gain initial access to corporate networks. In two of the cases the devices had been deployed without changing the manufacturer’s default passwords, and in the third the latest security update had not been applied to the device.

Microsoft said the hackers used the compromised IoT devices as an entry point into their targets’ internal networks, where they scanned for other vulnerable systems to expand the initial foothold.

“After gaining access to each of the IoT devices, the actor ran tcpdump to sniff network traffic on local subnets,” Microsoft said.

“They were also seen enumerating administrative groups to attempt further exploitation. As the actor moved from one device to another, they would drop a simple shell script to establish persistence on the network which allowed extended access to continue hunting.”

Microsoft said it identified and blocked these attacks in their early stages, so its investigators weren’t able to determine what Strontium was trying to steal from the compromised networks.

Indicators of Compromise

IP(s) / Hostname(s)

  • 167[.]114[.]153[.]55
  • 94[.]237[.]37[.]28
  • 82[.]118[.]242[.]171
  • 31[.]220[.]61[.]251
  • 128[.]199[.]199[.]187

Remediation

Block the threat indicators listed above at your respective controls.
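The indicators above are published defanged (`[.]` in place of `.`) so they cannot be clicked or resolved by accident, which means they must be refanged before they are loaded into a firewall, proxy or SIEM. The following script is an added example, not part of the Rewterz advisory: it refangs and validates the five IPs from the list, then sweeps a set of constructed firewall and proxy log lines for connections to any of them. The log format, host names and internal addresses are made up for the illustration; only the IoC values come from the advisory.

```python
from __future__ import annotations

import ipaddress
import re
from typing import Iterable, List, Tuple

# Indicators exactly as published in the advisory, in defanged form.
DEFANGED_IOCS = [
    "167[.]114[.]153[.]55",
    "94[.]237[.]37[.]28",
    "82[.]118[.]242[.]171",
    "31[.]220[.]61[.]251",
    "128[.]199[.]199[.]187",
]


def refang(indicator: str) -> str:
    """Convert a defanged IP indicator back to its routable form.

    Raises ValueError if the result is not a valid IP address, so a typo in a
    blocklist entry fails loudly instead of silently never matching.
    """
    candidate = indicator.strip().replace("[.]", ".").replace("(.)", ".")
    return str(ipaddress.ip_address(candidate))


# Refanged set used for O(1) lookups while scanning logs.
IOC_SET = frozenset(refang(i) for i in DEFANGED_IOCS)

# Matches dotted-quad literals; \b stops "4.4.4.4" matching inside "14.4.4.4".
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_ioc_hits(log_lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, matched_ip, line) for every line naming a listed IoC."""
    hits: List[Tuple[int, str, str]] = []
    for line_no, line in enumerate(log_lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in IOC_SET:
                hits.append((line_no, ip, line.rstrip()))
    return hits


def hits_per_indicator(hits: Iterable[Tuple[int, str, str]]) -> dict:
    """Count how often each indicator appeared, for a quick triage summary."""
    counts: dict = {}
    for _, ip, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


# Constructed sample log lines (hypothetical hosts fw01/proxy01, RFC 1918 and
# TEST-NET addresses). Line 4 is a deliberate near-miss: 94.237.37.280 is not
# a valid IoC and must not be reported.
SAMPLE_LOGS = [
    "Aug  6 03:12:44 fw01 kernel: OUT=eth0 SRC=10.0.8.21 DST=167.114.153.55 PROTO=TCP DPT=443",
    "Aug  6 03:12:51 fw01 kernel: OUT=eth0 SRC=10.0.8.21 DST=203.0.113.9 PROTO=TCP DPT=443",
    "Aug  6 03:13:02 proxy01 squid: 10.0.8.44 TCP_MISS/200 GET http://31.220.61.251/ -",
    "Aug  6 03:13:09 fw01 kernel: IN=eth1 SRC=94.237.37.280 DST=10.0.8.21 PROTO=TCP DPT=22",
]

if __name__ == "__main__":
    for line_no, ip, line in find_ioc_hits(SAMPLE_LOGS):
        print(f"line {line_no}: {ip} -> {line}")
    print(hits_per_indicator(find_ioc_hits(SAMPLE_LOGS)))
```

Run on the constructed sample, the script reports the connection to 167.114.153.55 on line 1 and the proxy fetch from 31.220.61.251 on line 3, and correctly ignores the look-alike address on line 4. Blocking the indicators addresses only this campaign; the two weaknesses the advisory itself attributes the intrusions to, unchanged manufacturer default passwords and missing security updates on VoIP phones, printers and video decoders, are the conditions worth auditing across the IoT estate.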
