Threat Watch

Fancy Bear Suspected of Attacking IoT Devices

Fancy Bear (APT28): Fancy Bear, Russia’s most widely known hacking group, has been seen using IoT devices to gain access to and infect corporate networks. Though not a new tactic, it was spotted being used in April. The devices include unsecured printers, video decoders, and VoIP phones, as well as other devices. The group gained entry to these devices either by guessing the default password or by finding devices running old, out-of-date firmware. Once it has used these devices to gain a foothold in the network, Fancy Bear scans the network for other vulnerable machines, which allows it to move across the network and gain access to higher-privilege accounts. While moving across the network, the group dropped shell scripts to allow for further exploitation. The end goal of these attacks was not known, and it was unclear what the attackers were targeting or were able to steal.

ANALYST NOTES