Fancy Bear is back to its old tricks of exploiting IoT and doing network recon

In a new threat intelligence report released this week, Microsoft claims to have detected resumed activity, in the form of Internet of Things (IoT) device compromise, from Russian hacking group Fancy Bear.

The group, alternatively known by its STRONTIUM or APT28 designations and thought to be an arm of Russian state intelligence, was found to have taken control of networked appliances such as printers as a way of pivoting deeper into the network. Once inside, the attackers would then find vulnerable, secluded portions of it to establish persistence and, finally, phone home to command and control servers. According to Microsoft’s findings, the attackers primarily targeted critical government or civic infrastructure including political, defense, medical, and engineering networks.

It is not clear whether the organizations whose networks were breached were the ultimate intended targets, or simply cover for hiding resources for later use. If the attribution to Fancy Bear is accurate, these reported intrusions would constitute the latest in a long string of attacks from the group that depend heavily on IoT compromise.

Fancy Bear is most famous for infiltrating the network of the Democratic National Committee in 2016, but their oeuvre is otherwise largely based on breaking into routers and other small network appliances. In 2017, the group turned its attention to hotel networks, which they seized control of by exploiting network equipment. The group followed that up with the VPNFilter attack last year, which also took over routers.

This recent pattern from Fancy Bear brings an evolving picture of the Russian state-sponsored hackers into sharper resolution. Whereas the group formerly appeared content to break into specific kinds of networks simply to monitor them, Fancy Bear’s attack on hotel Wi-Fi positioned them to spy on guests of those hotels. The IoT compromise that Microsoft detailed fits a new pattern of conducting reconnaissance on networks they breach and following up with corresponding next steps.

The fact that Fancy Bear’s predisposition toward IoT has not changed should come as no surprise, as the perennially weak security of this class of devices provides ample attack surface. It is for this reason that some of the biggest DDoS attacks to date have been executed by enormous global botnets of IoT devices, such as the Mirai botnet.

Jonathan Terrasi
Jonathan has studiously followed trends in technology, particularly in information security and digital privacy, since 2014…