A threat actor using the handle CVDEAD published a free dataset listing 26,500 publicly accessible IoT devices and 3,000 RTSP camera streams located in Saudi Arabia, encouraging their use as DDoS botnet nodes or anonymizing proxies. The dataset, compiled via active scanning, includes medical devices, routers, camera streaming systems, local servers, and exposed RTSP streams, creating a high-severity exposure with potential real-world safety implications. #CVDEAD #SaudiArabia
Keypoints
- Threat actor CVDEAD posted a free dataset of 26,500 exposed IoT devices and 3,000 RTSP camera streams in Saudi Arabia.
- The actor explicitly encourages using the listed devices as DDoS botnet soldiers or as proxies for anonymized traffic routing.
- The compilation includes medical devices, routers, camera streaming systems, RTSP video streams, local servers, ACME services, sensors, and administration interfaces.
- A sample in the listing shows structured data with IP addresses, ports, and device information, indicating active scanning and enumeration of Saudi IP ranges.
- The exposure is rated high severity due to unsecured protocols on RTSP streams and the presence of medical devices that could have safety implications if compromised.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!