From e2a18aea6ba2fa647a0d26e954c54c96fe6651f8 Mon Sep 17 00:00:00 2001 From: Xingyu Wang Date: Fri, 9 Aug 2019 23:45:01 +0800 Subject: [PATCH] TSL&PRF --- ...backed attacks that exploit IoT devices.md | 73 ------------------- ...backed attacks that exploit IoT devices.md | 58 +++++++++++++++ 2 files changed, 58 insertions(+), 73 deletions(-) delete mode 100644 sources/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md create mode 100644 translated/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md diff --git a/sources/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md b/sources/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md deleted file mode 100644 index 69a16590de..0000000000 --- a/sources/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md +++ /dev/null 
@@ -1,73 +0,0 @@ -[#]: collector: (lujun9972) -[#]: translator: (wxy) -[#]: reviewer: ( ) -[#]: publisher: ( ) -[#]: url: ( ) -[#]: subject: (Microsoft finds Russia-backed attacks that exploit IoT devices) -[#]: via: (https://www.networkworld.com/article/3430356/microsoft-finds-russia-backed-attacks-that-exploit-iot-devices.html) -[#]: author: (Jon Gold https://www.networkworld.com/author/Jon-Gold/) - -Microsoft finds Russia-backed attacks that exploit IoT devices -====== -Microsoft says default passwords, unpatched devices, poor inventory of IoT gear led to exploits against companies by Russia's STRONTIUM hacking group. -![Zmeel / Getty Images][1] - -The STRONTIUM hacking group, which has been strongly linked by security researchers to Russia’s GRU military intelligence agency, was responsible for an [IoT][2]-based attack on unnamed Microsoft customers, according to the company. a blog post from the company’s security response center issued Monday. - -Microsoft [said in a blog][3] that the attack, which it discovered in April, targeted three specific IoT devices – a VoIP phone, a video decoder and a printer (the company declined to specify the brands) – and used them to gain access to unspecified corporate networks. Two of the devices were compromised because nobody had changed the manufacturer’s default password, and the other one hadn’t had the latest security patch applied. - -**More on IoT:** - - * [][4] [Most powerful Internet of Things companies][5] - * [10 Hot IoT startups to watch][6] - * [The 6 ways to make money in IoT][7] - * [What is digital twin technology? [and why it matters]][8] - * [Blockchain, service-centric networking key to IoT success][9] - * [Getting grounded in IoT networking and security][10] - * [Building IoT-ready networks must become a priority][11] - * [What is the Industrial IoT? 
[And why the stakes are so high]][12] - - - -Devices compromised in this way acted as back doors to secured networks, allowing the attackers to freely scan those networks for further vulnerabilities, access additional systems, and gain more and more information. The attackers were also seen investigating administrative groups on compromised networks, in an attempt to gain still more access, as well as analyzing local subnet traffic for additional data. - -STRONTIUM, which has also been referred to as Fancy Bear, Pawn Storm, Sofacy and APT28, is thought to be behind a host of malicious cyber-activity undertaken on behalf of the Russian government, including the 2016 hack of the Democratic National Committee, attacks on the World Anti-Doping Agency, the targeting of journalists investigating the shoot-down of Malaysia Airlines Flight 17 over Ukraine, sending death threats to the wives of U.S. military personnel under a false flag and much more. - -According to an indictment released in July 2018 by the office of Special Counsel Robert Mueller, the architects of the STRONTIUM attacks are a group of Russian military officers, all of whom are wanted by the FBI in connection with those crimes. - -Microsoft notifies customers that it discovers are attacked by nation-states and has delivered about 1,400 such notifications related to STRONTIUM over the past 12 months. Most of those – four in five – went to organizations in the government, military, defense, IT, medicine, education and engineering sectors, and the remainder were for NGOs, think-tanks and other “politically affiliated organizations,” Microsoft said. - -The heart of the vulnerability, according to the Microsoft team, was a lack of full awareness by institutions of all the devices running on their networks. 
They recommended, among other things, cataloguing all IoT devices running in a corporate environment, implementing custom security policies for each device, walling off IoT devices on their own separate networks wherever practical, and performing regular patch and configuration audits on IoT gadgets. - -**[ [Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. Now offering a 10-day free trial!][13] ]** - -Join the Network World communities on [Facebook][14] and [LinkedIn][15] to comment on topics that are top of mind. - --------------------------------------------------------------------------------- - -via: https://www.networkworld.com/article/3430356/microsoft-finds-russia-backed-attacks-that-exploit-iot-devices.html - -作者:[Jon Gold][a] -选题:[lujun9972][b] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: https://www.networkworld.com/author/Jon-Gold/ -[b]: https://github.com/lujun9972 -[1]: https://images.idgesg.net/images/article/2019/07/cso_russian_hammer_and_sickle_binary_code_by_zmeel_gettyimages-927363118_2400x1600-100801412-large.jpg -[2]: https://www.networkworld.com/article/3207535/what-is-iot-how-the-internet-of-things-works.html -[3]: https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/ -[4]: https://www.networkworld.com/article/3207535/internet-of-things/what-is-the-iot-how-the-internet-of-things-works.html -[5]: https://www.networkworld.com/article/2287045/internet-of-things/wireless-153629-10-most-powerful-internet-of-things-companies.html -[6]: https://www.networkworld.com/article/3270961/internet-of-things/10-hot-iot-startups-to-watch.html -[7]: https://www.networkworld.com/article/3279346/internet-of-things/the-6-ways-to-make-money-in-iot.html -[8]: 
https://www.networkworld.com/article/3280225/internet-of-things/what-is-digital-twin-technology-and-why-it-matters.html -[9]: https://www.networkworld.com/article/3276313/internet-of-things/blockchain-service-centric-networking-key-to-iot-success.html -[10]: https://www.networkworld.com/article/3269736/internet-of-things/getting-grounded-in-iot-networking-and-security.html -[11]: https://www.networkworld.com/article/3276304/internet-of-things/building-iot-ready-networks-must-become-a-priority.html -[12]: https://www.networkworld.com/article/3243928/internet-of-things/what-is-the-industrial-iot-and-why-the-stakes-are-so-high.html -[13]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr -[14]: https://www.facebook.com/NetworkWorld/ -[15]: https://www.linkedin.com/company/network-world diff --git a/translated/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md b/translated/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md new file mode 100644 index 0000000000..ae10275347 --- /dev/null +++ b/translated/news/20190806 Microsoft finds Russia-backed attacks that exploit IoT devices.md 
@@ -0,0 +1,58 @@ +[#]: collector: (lujun9972) +[#]: translator: (wxy) +[#]: reviewer: (wxy) +[#]: publisher: ( ) +[#]: url: ( ) +[#]: subject: (Microsoft finds Russia-backed attacks that exploit IoT devices) +[#]: via: (https://www.networkworld.com/article/3430356/microsoft-finds-russia-backed-attacks-that-exploit-iot-devices.html) +[#]: author: (Jon Gold https://www.networkworld.com/author/Jon-Gold/) + +微软发现由俄罗斯背后支持的利用物联网设备进行的攻击 +====== + +> 微软表示,默认密码、未打补丁的设备,物联网设备库存不足是导致俄罗斯的 STRONTIUM 黑客组织发起针对公司的攻击的原因。 + +![Zmeel / Getty Images][1] + +在微软安全响应中心周一发布的博客文章中,该公司称,STRONTIUM 黑客组织对未披露名字的微软客户进行了基于 [IoT][2] 的攻击,安全研究人员相信 STRONTIUM 黑客组织和俄罗斯 GRU 军事情报机构有密切的关系。 + +微软[在博客中说][3],它在 4 月份发现的攻击针对三种特定的物联网设备:一部 VoIP 电话、一部视频解码器和一台打印机(该公司拒绝说明品牌),并将它们用于获得对不特定的公司网络的访问权限。其中两个设备遭到入侵是因为没有更改过制造商的默认密码,而另一个设备则是因为没有应用最新的安全补丁。 + +以这种方式受到攻击的设备成为了安全的网络的后门,允许攻击者自由扫描这些网络以获得进一步的漏洞,并访问其他系统获取更多的信息。攻击者也被发现其在调查受攻击网络上的管理组,试图获得更多访问权限,以及分析本地子网流量以获取其他数据。 + +STRONTIUM,也被称为 Fancy Bear、Pawn Storm、Sofacy 和 APT28,被认为是代表俄罗斯政府进行的一系列恶意网络活动的幕后黑手,其中包括 2016 年对民主党全国委员会的攻击,对世界反兴奋剂机构的攻击,针对记者调查马来西亚航空公司 17 号航班在乌克兰上空被击落的情况,向美国军人的妻子发送捏造的死亡威胁等等。 + +根据 2018 年 7 月特别顾问罗伯特·穆勒办公室发布的起诉书,STRONTIUM 袭击的指挥者是一群俄罗斯军官,所有这些人都被 FBI 通缉与这些罪行有关。 + +微软通知客户发现其遭到了民族国家的攻击,并在过去 12 个月内发送了大约 1,400 条与 STRONTIUM 相关的通知。微软表示,其中大多数(五分之四)是对政府、军队、国防、IT、医药、教育和工程领域的组织的攻击,其余的则是非政府组织、智囊团和其他“政治附属组织”。 + +根据微软团队的说法,漏洞的核心是机构缺乏对其网络上运行的所有设备的充分认识。另外,他们建议对在企业环境中运行的所有 IoT 设备进行编目,为每个设备实施自定义安全策略,在可行的情况下在各自独立的网络上屏蔽物联网设备,并对物联网组件执行定期补丁和配置审核。 + +-------------------------------------------------------------------------------- + +via: https://www.networkworld.com/article/3430356/microsoft-finds-russia-backed-attacks-that-exploit-iot-devices.html + +作者:[Jon Gold][a] +选题:[lujun9972][b] +译者:[wxy](https://github.com/wxy) +校对:[wxy](https://github.com/wxy) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://www.networkworld.com/author/Jon-Gold/ +[b]: https://github.com/lujun9972 +[1]: 
https://images.idgesg.net/images/article/2019/07/cso_russian_hammer_and_sickle_binary_code_by_zmeel_gettyimages-927363118_2400x1600-100801412-large.jpg +[2]: https://www.networkworld.com/article/3207535/what-is-iot-how-the-internet-of-things-works.html +[3]: https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/ +[4]: https://www.networkworld.com/article/3207535/internet-of-things/what-is-the-iot-how-the-internet-of-things-works.html +[5]: https://www.networkworld.com/article/2287045/internet-of-things/wireless-153629-10-most-powerful-internet-of-things-companies.html +[6]: https://www.networkworld.com/article/3270961/internet-of-things/10-hot-iot-startups-to-watch.html +[7]: https://www.networkworld.com/article/3279346/internet-of-things/the-6-ways-to-make-money-in-iot.html +[8]: https://www.networkworld.com/article/3280225/internet-of-things/what-is-digital-twin-technology-and-why-it-matters.html +[9]: https://www.networkworld.com/article/3276313/internet-of-things/blockchain-service-centric-networking-key-to-iot-success.html +[10]: https://www.networkworld.com/article/3269736/internet-of-things/getting-grounded-in-iot-networking-and-security.html +[11]: https://www.networkworld.com/article/3276304/internet-of-things/building-iot-ready-networks-must-become-a-priority.html +[12]: https://www.networkworld.com/article/3243928/internet-of-things/what-is-the-industrial-iot-and-why-the-stakes-are-so-high.html +[13]: https://pluralsight.pxf.io/c/321564/424552/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr +[14]: https://www.facebook.com/NetworkWorld/ +[15]: https://www.linkedin.com/company/network-world
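
Review bot: In the summary blockquote of the new translated file, `物联网设备库存不足` renders "poor inventory of IoT gear" as a shortage of stock, whereas the source means that organizations lacked a complete record of the devices on their networks, which is the article's main defensive point. The closing paragraph already uses `编目` for "cataloguing", so something like `物联网设备清点不善` would keep the summary consistent with it. In that same closing paragraph, `屏蔽物联网设备` for "walling off IoT devices on their own separate networks" reads as blocking the devices; `隔离` would convey network segregation. The reference definitions `[4]` through `[15]` are carried over even though the translated body only uses `[1]`, `[2]`, `[3]`, `[a]` and `[b]`, so they can be dropped.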