hyp3rdriv3

I caught it, I had the quote in my clipboard but I forgot to paste it. I'm the leap before looking type unfortunately.

I caught it, thanks! Edit: I thought I had pasted in the quote originally, but I forgot to Ctrl-V it. I'm one of those crazy people who leaps before looking lol

I'm not sure how this is a violation of the guidelines... it's tech news, and I couldn't find any hits on Google for this when I filtered for just LTT.

Bleeping Computer is reporting that the Satori botnet has been retasked to locate unpatched Claymore cryptominer rigs. Apparently unpatched rigs have a publicly exposed RPC port. The Satori botnet is currently searching for this port, then taking advantage of it by sending it a command that tells the rig "When I reboot, execute these commands.". then sending another RPC call to reboot. The commands sent change the rigs config to mine a pool under the control of the hackers. This is actually a very smart attack vector. Generally speaking, many cryptominers who have enough money to buy these sort of rigs will use them until they have enough of a profit to afford the latest and greatest with a higher hash rate, then basically leave these on the rack to rot or until the data center unplugs them. I've encountered a few of these over the years working data center ops. So, if you can reconfigure enough of these older rigs that may or may not be used anymore, you can draw a serious revenue stream, which then the Satori botnet masters can turn around and use for R&D into new attack vectors. My hat's off to them, very smart. https://www.bleepingcomputer.com/news/security/the-satori-botnet-is-mass-scanning-for-exposed-ethereum-mining-rigs/