The threat actors appear to be in a reconnaissance phase, which could be a prelude to a larger cyber-sabotage attack meant to destroy and paralyze infrastructure.
This is the first evidence of the China-linked threat actor’s activity since hacked the U.K. government and military in 2017 (which wasn’t made public until 2018).
The onus behind IoT security has become so muddled that no one knows who to point fingers at.
Researchers were able to discover a way to hack the device in less than an hour.
The devices don’t require authentication for connections received on a local network; and, HTTP is used to configure or control embedded devices.