Three months after online decoys were set up pretending to be industrial-control systems, we wrote about how computers from the U.S., China and Russia were found to be the biggest sources for launching scouting attacks against these fake critical infrastructures.
This week, ThreatStream, a cyber-security company that set up the target computers at Bloomberg's request, went deeper with the data. Hidden in the larger dataset, which catalogued thousands of reconnaissance probes against our honeypots, was a subset of attacks that revealed the location of computers used to not only find Internet-connected control systems, but to manipulate them as well with specialized software and communications protocols. In other words, these were recon missions sent by machines that also had some level of ability to do damage.
