An unknown criminal or hacking group has leaked a very large list of Telnet credentials from IoT devices. They come mostly from consumer and commonly used networking hardware — routers, servers, access points and similar devices. The list was posted on one of the popular underground hacking marketplaces where many criminals typically converse.
Hijacked IoT Data Collected via Botnet
The hijacked data has been collected through remote Telnet access — a legacy and popular protocol used for controlling and accessing devices remotely, either manually or through software. Common actions undertaken by the hackers to extract the credentials include attempting to remotely control the applications and using common username and password combinations to break into the systems.
According to the available information, the data was leaked by a criminal who posted it on the underground hacker forums. They have also posted information about how the data was obtained — via a wide network scanning approach. This is done with an automated scanning tool capable of looking for open IP ports and checking whether any insecure services are available. Using common intrusion techniques, the tool automatically records each device it accesses and adds it to the list. It is also possible that the intrusion attempts were made by an IoT botnet — a network of compromised machines programmed to conduct operations in a prescribed sequence. The criminal responsible for the list has explained that the reason for the success of the operation and the online leak of the sensitive data is that they have upgraded their IoT botnet service. Apparently they are in control of a powerful cloud infrastructure. An analysis of the lists shows that the credentials were taken in the period of October through November 2019.
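From the defender's side, the two behaviours described above (one source probing Telnet on many hosts, then a login that succeeds after failed guesses) can be spotted in connection logs. The following is an added example, not part of the original article; the key=value log format, the thresholds and the inclusion of port 2323 as an alternate Telnet port are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value format (not taken from the leak).
SAMPLE_LOG = """\
2019-11-02T10:00:01Z src=203.0.113.7 dst=192.0.2.10 dport=23 event=conn
2019-11-02T10:00:01Z src=203.0.113.7 dst=192.0.2.11 dport=23 event=conn
2019-11-02T10:00:02Z src=203.0.113.7 dst=192.0.2.12 dport=23 event=conn
2019-11-02T10:00:02Z src=203.0.113.7 dst=192.0.2.13 dport=2323 event=conn
2019-11-02T10:00:05Z src=203.0.113.7 dst=192.0.2.12 dport=23 event=login_fail user=root
2019-11-02T10:00:06Z src=203.0.113.7 dst=192.0.2.12 dport=23 event=login_fail user=admin
2019-11-02T10:00:07Z src=203.0.113.7 dst=192.0.2.12 dport=23 event=login_ok user=admin
2019-11-02T10:03:00Z src=198.51.100.4 dst=192.0.2.10 dport=23 event=conn
2019-11-02T10:04:00Z src=198.51.100.4 dst=192.0.2.10 dport=443 event=conn
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")
TELNET_PORTS = {"23", "2323"}  # assumption: 2323 treated as an alternate Telnet port
REQUIRED = ("src", "dst", "dport", "event")

def analyze(log_text, sweep_threshold=3, fail_threshold=2):
    """Return sources sweeping Telnet and (src, dst) pairs with a guessed login."""
    targets = defaultdict(set)   # src -> distinct Telnet destinations touched
    fails = defaultdict(int)     # (src, dst) -> failed Telnet logins so far
    guessed = set()              # (src, dst) where success followed repeated failures
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if not all(k in f for k in REQUIRED) or f["dport"] not in TELNET_PORTS:
            continue  # skip malformed lines and non-Telnet traffic
        key = (f["src"], f["dst"])
        targets[f["src"]].add(f["dst"])
        if f["event"] == "login_fail":
            fails[key] += 1
        elif f["event"] == "login_ok" and fails[key] >= fail_threshold:
            guessed.add(key)  # device should be treated as compromised
    sweepers = sorted(s for s, d in targets.items() if len(d) >= sweep_threshold)
    return {"sweepers": sweepers, "guessed_logins": sorted(guessed)}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Any device that appears under `guessed_logins` should have its credentials changed and Telnet disabled or restricted to a management network.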