[tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)

aeris aeris+tor at imirhil.fr
Sat May 20 15:20:27 UTC 2017


> Could you please share some more information about the incident?

From what I know and what I can speak about:

A big and sensible French company was infected with WannaCry this 12/05.
After infection, WannaCry starts a Tor client to join its C&C behind a .onion
address, and so connects to guard nodes (possibly bridges, directory
authorities and fallback directories can be affected too, or any Tor nodes
which can be joined directly by a standard Tor client).
The sys admin of the infected company just flagged all unknown *OUTGOING* traffic as
evil and reported the corresponding IPs to the cops, who seized servers of big French
providers (OVH & Online at this time) on this list on the 13 and 14/05.

Regards,
-- 
Aeris
Individual crypto-terrorist group self-radicalized on the digital Internet
https://imirhil.fr/

Protect your privacy, encrypt your communications
GPG : EFB74277 ECE4E222
OTR : 5769616D 2D3DAC72
https://café-vie-privée.fr/
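
An added example, not part of the original message: a triage step that checks outbound destinations against the Tor consensus before reporting them, so that public relays are labelled as Tor entry points rather than as the C&C host. The consensus excerpt, flow records, relay names and addresses are constructed, and keying relays by IP alone is a simplifying assumption.

```python
import ipaddress

# Constructed excerpt in Tor network-status consensus format
# ("r" = relay entry, "s" = its flags). All values are made up.
SAMPLE_CONSENSUS = """\
r exampleguard AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2017-05-12 08:00:00 192.0.2.10 9001 9030
s Fast Guard Running Stable V2Dir Valid
r examplemiddle CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2017-05-12 08:00:00 198.51.100.7 443 0
s Fast Running Valid
"""

# Constructed outbound flows seen from the infected host: (dst_ip, dst_port).
SAMPLE_FLOWS = [("192.0.2.10", 9001), ("198.51.100.7", 443), ("203.0.113.55", 8080)]


def parse_consensus(text):
    """Map relay IP -> {"nickname", "orport", "flags"} from r/s line pairs."""
    relays, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "r" and len(parts) >= 8:
            # Address, ORPort and DirPort are the last three fields of an "r" line.
            ip = str(ipaddress.ip_address(parts[-3]))
            current = {"nickname": parts[1], "orport": int(parts[-2]), "flags": set()}
            relays[ip] = current
        elif parts[0] == "s" and current is not None:
            current["flags"] = set(parts[1:])
    return relays


def triage(flows, relays):
    """Label each destination instead of treating every unknown IP as the C&C."""
    verdicts = {}
    for ip, _port in flows:
        relay = relays.get(str(ipaddress.ip_address(ip)))
        if relay is None:
            # Bridges are not in the consensus, so "unlisted" is not proof of C&C.
            verdicts[ip] = "unlisted: investigate further"
        elif "Guard" in relay["flags"]:
            verdicts[ip] = "tor-guard: public relay, not the C&C host"
        else:
            verdicts[ip] = "tor-relay: public relay, not the C&C host"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_FLOWS, parse_consensus(SAMPLE_CONSENSUS)).items():
        print(ip, "->", verdict)
```

The useful indicator in this scenario is the internal host that started a Tor client, not the relay it reached.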