Anyone know if they've found the C&C servers yet? On Wed, 19 May 2021 at 19:01, Simon Green <mail(a)simon.green> wrote:
On Wed, 19 May 2021, at 4:51 PM, Lawrence D'Oliveiro wrote:
Further report < https://www.theregister.com/2021/05/19/new_zealand_hospitals_taken_down/> says “The attack disabled all IT services except email”.
Kind of ironic, since that appears to have been the channel of attack
The MX records would suggest the e-mail is hosted by SMX ( https://smxemail.com/ ) a well known e-mail hosting company based in NZ. They also do hosting for all @xtra.co.nz (Spark Internet) addresses ( https://smxemail.com/our-company/blogs-news/press-releases/spark-brings-emai... ).
As for the cause of the DHB issues, I suspect the it-came-from-e-mail answer is pure speculation at this stage.
-- Simon _______________________________________________ wlug mailing list -- wlug(a)list.waikato.ac.nz | To unsubscribe send an email to wlug-leave(a)list.waikato.ac.nz Unsubscribe: https://list.waikato.ac.nz/postorius/lists/wlug.list.waikato.ac.nz