"targeting [..] companies within Saudi Arabia [..]"
So they are wreaking havoc on their own instead of attempting to attack US industrial facilities.
Could it be that Moscow told them it had that covered and they should go play elsewhere?
Not content to be the focus of the geopolitical news cycle, Iran now also finds itself in the middle of two major developments in the security world. Earlier this week, infosec outfit Recorded Future claimed a Tehran-backed group known as Elfin, or APT33, has been increasingly active in recent months, largely targeting …
So Silexbot checks IoT devices for root:password and if found, trashes the device, and moves on.
Seems to me like they're performing a public service by removing potential botnet machines from the internet. If you can't be bothered to change the root password on your internet-facing devices, then you probably don't deserve to have them on the internet.
Nuking from orbit, sometimes it's the only way to be sure...
Agreed, I genuinely don't think I've ever seen anyone in IT not change a default password. It's almost like a rite of passage when a device comes in to make it "ours". Same at home.
If it's sitting on default, I don't trust it and even when it's not, I still think it's an IoT piece of junk usually.
In fact I don't recall a regular Linux or other Unix installation process* that attempted to set a default root password. It's a feature of pre-built images which are used on IoT gadgets.
* Pi distros are something of an exception being based on regular distros such as Debian but are pre-built images. Although the default password should be changed - and a non-root ID set up - ASAP but if that isn't done and the OS got banjaxed by something like this the device itself isn't affected, the SD card can be reloaded. Too bad about any user data on it, however.
You beat me to it. I've installed/tried out many Linux distros since I started using the OS in 1993, but not once have I had a default root password set up. Indeed, many distros disable root logins and use sudo instead.
So whose unix *does* have default root passwords?
I worked somewhere a while back, where not only did they use the same password for EVERYTHING, they also gave it to users as their initial password! So not only did everyone know it, people would say it's "____" password. Glad I'm no longer there.
He's got US Cyber Command. The Iranians have got Supreme Cyberspace Center!
Supreme is so much better!
Admittedly Centre is a bit weak compared to Command. I mean my town has a Dennis's Kebab Centre (top name chaps), and thinking about it, how much better would that sound if it was Dennis's Kebab Command?
But clearly Trump needs to act here.
I suggest US Cyber Finish Quantum Ultimate Command.
Although you can still beat even that, as Finish now have a Quantum Ultimate box with New Improved written on it. It must be great to improve on ultimate...
Commodity malware is an attractive option for nation-state threat actors ...
That's kind-of the opposite to your report this morning (or was it yesterday) about China spying on lots of companies. And indeed the one a day or two earlier where a US security firm said "looks like [Chinese group] but could also be false flag" about spyware lurking in telcos.
I guess the line is whatever fits the story. And to be fair, there's no inherent reason they should be consistent.