Microsoft reports that Strontium (also known as Fancy Bear or APT28, that is, Russia’s GRU military intelligence service) has undertaken a campaign to breach enterprise networks by exploiting poorly secured IoT devices: printers, video decoders, and voice-over-IP phones. Redmond says that in April its researchers discovered “infrastructure of a known adversary communicating to several external devices.” Once in, the attackers would seek to pivot to more interesting targets. At least two of the corporate victims had left manufacturer’s default passwords on their devices. A third had failed to keep their software updated. The campaign’s goal is unknown.
ESET is tracking recent activity by Machete, a cyber espionage threat actor working against Venezuela’s military as well as some targets in Ecuador, Colombia, and El Salvador. Machete was identified by Kaspersky in 2014 and has since been tracked by Cylance. While it’s been mostly active against Spanish-speaking countries, it’s also looked at targets in Canada, China, Germany, South Korea, Sweden, Ukraine, the United Kingdom, and the United States. There’s no clear attribution. ZDNet notes that it’s unknown whether Machete is state-directed or the work of freelancers. It typically gains entry to its targets by phishing.
UpGuard has found more than 6 million email addresses in an unsecured Amazon S3 bucket belonging to the US Democratic Senatorial Campaign Committee. The data were posted in 2010.
According to Accenture, MegaCortex ransomware shows signs of greater automation as its masters trade stealth for volume and speed. ZDNet says the ransom demands have exceeded $5 million.