[tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)

Sec INT sec.int9 at gmail.com
Sat May 20 19:45:12 UTC 2017


Hi

What was OVH's reaction to this? Has your account been banned from using their services etc?

Utterly pathetic move by the French company - it's their own fault


On 20 May 2017, at 16:20, aeris <aeris+tor at imirhil.fr> wrote:

>> Could you please share some more information about the incident?
> 
> From what I know and what I can speak about :
> 
> A big and sensible French company was infected with Wannacry this 12/05.
> After infection Wannacry starts a Tor client to join its C&C behind a .onion 
> address. And so connects to guard nodes (possibly bridges, directory 
> authorities and fallback directories can be affected too, or any Tor nodes 
> which can be joined directly by standard Tor client).
> Sys admin of the infected company just flag all unknown *OUTGOING* traffic as 
> evil and report corresponding IP to cops. Which seized servers of big French 
> providers (OVH & Online at this time) on this list the 13 and 14/05.
> 
> Regards,
> -- 
> Aeris
> Individual crypto-terrorist group self-radicalized on the digital Internet
> https://imirhil.fr/
> 
> Protect your privacy, encrypt your communications
> GPG : EFB74277 ECE4E222
> OTR : 5769616D 2D3DAC72
> https://café-vie-privée.fr/

