ZDNet noticed that a huge list of 515,000 Telnet credentials for many servers, routers and various smart devices was recently published on a popular hacker forum. The dump includes device IP addresses, usernames and passwords, as well as protocol information that can be used to remotely control the devices.
The list was made public by a self-employed DDoS botnet operator who claims to have compiled it himself by scanning the Internet for poorly protected devices accessible via Telnet. To access them, the hacker used either the default credentials or user-set combinations of usernames and passwords that are easy to guess. The information in the dump is dated October-November 2019.
Asked why he published such a large list of bots in the public domain, the dump's author replied that he had recently updated his DDoS service and no longer works with IoT botnets, relying instead on renting high-performance servers from cloud service providers. That is, he no longer needs the list.
Using IoT search engines (BinaryEdge and Shodan), ZDNet reporters were able to collect information about the devices on the list. Some of them are located in the networks of well-known Internet providers (obviously, these are routers and IoT devices), but others were seen in the networks of large cloud service providers.
Unnamed security experts interviewed by ZDNet reporters warned that the leaked list could still be dangerous, even if some of the data in it is no longer valid (over the past few months, devices could have changed their IP address or password). The reason is that improperly configured devices are usually not spread evenly across the Internet; they are often concentrated in the network of a single provider, because its staff misconfigured the devices in bulk during deployment. As a result, an attacker can use the IP addresses from the published list to identify the provider, and then re-scan that provider's network more thoroughly, adding new victims to the list.