Russian hackers show why you need to change your office printer password

Microsoft is warning that a Russian group that was involved with the 2016 DNC hack is attacking corporate networks in a fresh attack against high-value targets.

In a blog post (via ZDNet), the Microsoft Threat Intelligence Center says the Russian hacking group known as Strontium (perhaps more widely known as Fancy Bear) is responsible for the new attack, which occurred in April.

According to Microsoft, the attack went after “a VOIP phone, an office printer, and a video decoder,” exploiting some pretty poor security measures that we’re all likely guilty of to gain access: unchanged default passwords. 

The investigation uncovered that an actor had used these devices to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords and in the third instance the latest security update had not been applied to the device.

Once inside the network, the hackers were able to scan for other insecure devices, which allowed them to look for more valuable targets within the network and thereby access valuable data. Microsoft says the company stopped this particular attack in its early stages and, thus aren’t exactly sure what the group was targeting. 

This isn’t the first time Microsoft has warned companies about such danger. In February, the company warned of similar Russian-sponsored attacks on European groups ahead of a series of elections in May. 

Over the last 12 months, Microsoft says it has sent around “1,400 nation-state notifications” about attacks with 80 percent of the targets being “government, IT, military, defense, medicine, education, and engineering.” 

The post outlines a dozen ways you can help protect against such attacks on your network, but suffice it to say, one big task everyone should always do is change your device passwords on the regular. Yes, even your printer.