Telnet

2020: These 515 thousand servers, home routers and IoT-devices appeared in open access

The cybercriminal uploaded publicly lists of credentials of Telnet for more than 515 thousand servers, home routers and IoT-devices. It became known on January 20, 2020. According to ZDNet, lists were published at a popular hacker forum. They contain the IP addresses, logins and passwords for Telnet service – the protocol for the remote access allowing to control devices on the Internet.

Making lists, the cybercriminal scanned the Internet in search of devices with open Telnet-ports, and then selected credentials by substitution of factory passwords and logins or thought up, but very simple and unreliable.

Such lists are often called lists of bots as they are often used by IoT-operators botnets. At first criminals scan the Internet, making the list of bots, and then use it for connection to devices and their infection harmful SOFTWARE.

As a rule, similar lists are kept a secret, but this time the list was published by online the operator of one of the services performing custom DDoS-attacks. According to the operator, the botnet is not necessary to him any more as it passed to other business model and now rents powerful servers at cloud providers.

The data specified in lists are dated October-November, 2019. Though some IP addresses and passwords could exchange since then, lists all the same are of great interest to cybercriminals^[1].

Notes