Friday Squid Blogging: Live Giant Squid Found in Japan (Security News, February 2021)
In practice, few who install such systems add such capabilities as IP address detection white lists, or if they do, make them too broad for various non-technical reasons.
Further, the use of a secure rolling time credential token or other non time static credential would have thwarted such an attack.
It is possible the Commercial RAT was found via the Shodan Search tool or even the ages-old, what we now call "Script kiddy", IP address port service enumeration that even more than forty years later is still just as effective as it ever was against a not fully clued-up service administrator.
Anyway, back to more base needs, time to start cooking lunch, "Leak and potato" soup or pie somehow feels strangely apt 😉. The Shodan search tool has both simplicity and great complexity when it comes to enumerating sites more or less passively.
Look on Shodan as the "Little brother" of the sorts of "Target enumeration" engines the likes of certain Level III attackers such as National SigInt agencies have that hoover up data from behind the "Next hop" routers site administrators cannot see beyond.
Which is a valid assumption with Corps doing business in the UK, US and other places in the world such as Pakistan, Saudi Arabia, Israel and many more (as BlackBerry amongst others proved, "Business trumps user security every time", be it via "Health & safety", "Tech support", "Product Development", or other invented excuse).