The hacker ‘Subby’ took over 29 IoT botnets in the past few weeks by brute-forcing the back-end panels of their command and control servers.
The hacker gained access to control panels that were secured with weak credentials.
“Now this theory has been implemented by a threat actor named Subby, who has brute forced at least 29 IoT C2s, and found them using extremely trivial credentials,” wrote Ankit Anubhav, security researcher at NewSky Security. “As shared by the threat actor, one can see that the credentials used are fairly weak.”
Subby told Anubhav that some of the C2s associated with the IoT botnets were using very common credentials, including “root:root”, “admin:admin”, and “oof:oof”.