Microsoft has confirmed that the group was behind a new attack that took place in April of this year (2019).
This is the group that claimed responsibility for both the attack on the Democratic National Committee during the run-up to the 2016 election and the NotPetya attacks against Ukraine in 2017.
In addition to targeting political groups in Europe and North America, Strontium members have been upping the stakes by compromising large numbers of popular IoT devices such as VoIP phones, printers, security cameras and the like. They have been using those devices to breach corporate networks.
The company had this to say about their recent findings:
“The investigation uncovered that an actor had used these devices to gain initial access to corporate networks. In two of the cases, the passwords for the devices were deployed without changing the default manufacturer’s passwords, and in the third instance the latest security update had not been applied to the device.
Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data.”
Fortunately, Microsoft was able to stop this attack in its tracks early on, but the motives behind it remain cloudy and uncertain. Even so, Microsoft has committed itself to closely monitoring the activity of this group in particular. In the past year, they have sent out more than 1,400 notifications to global corporations and nation states about the activities of the group.
It is incredibly likely that this group will be at the forefront of whatever attacks the Russians have planned to influence the outcome of the 2020 US Presidential election.