Jane Edwards
Microsoft has found a hacking group called Strontium that uses internet-of-things devices to perform attacks on corporate networks.
Researchers at the company’s threat intelligence center discovered in April that the group used a VoIP phone, a video recorder and an office printer across several client locations “as points of ingress†to gain network access and tap into higher-value data, Microsoft said Monday.
Microsoft has sent approximately 1.4K nation-state notifications to organizations that have been targeted by Strontium in the past year and found that majority of the attacks have zeroed in on organizations across government, defense, military, information technology, engineering, medicine and education sectors.
The company offered recommendations to help organizations protect IoT devices from cyber threats, such as cataloguing IoT devices operating in corporate networks, creating a custom security policy for each IoT device and conducting routine configuration against deployed IoT devices.
