
Re: [tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)



> Could you please share some more information about the incident?

From what I know and what I can speak about:

A big and sensible French company was infected with Wannacry on 12/05.
After infection, Wannacry starts a Tor client to join its C&C behind a .onion 
address, and so connects to guard nodes (possibly bridges, directory 
authorities and fallback directories can be affected too, or any Tor nodes 
which can be joined directly by a standard Tor client).
The sys admin of the infected company just flagged all unknown *OUTGOING* traffic as 
evil and reported the corresponding IPs to the cops, who seized servers of big French 
providers (OVH & Online at this time) on this list on the 13 and 14/05.

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays