New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


PewDiePie Has a Big Fan

PewDiePie is a famous YouTube vlogger that currently has the most followers on the platform, and one fan really wants to keep it that way. At least 50,000 people were probably confused as to why their printer randomly printed a message regarding PewDiePie. The message describes how T-Series is closing in on the most followers on YouTube and that PewDiePie needs help to remain at the top. A user on Twitter going by the name of “TheHackerGiraffe” tweeted three times about how he conducted the attack. Using Shodan to find vulnerable protocols TheHackerGiraffe decided to target printers after learning about IPP LPD and JetDirect protocols. After finding plenty of targets, TheHackerGiraffe then decided to pick the first 50,000 printers using port 9100 and downloaded the list from Shodan. TheHackerGiraffe used a tool called PRET which allows attackers to manipulate or capture print jobs, cause physical damage to the device, and allow access to the printer’s file system and memory. TheHackerGiraffe claims that this was not meant to be malicious and that it was to bring attention to vulnerabilities in printers.

Analyst Notes

Users are advised to change the default password on their printer. Users should ensure that their firewall is properly configured. It is also good practice to turn printers off when they are not being used.