In an unusual hacking campaign, a group of threat actors is taking control of thousands of printers around the world just to force the printing of anti-work messages on commercial receipts. According to a report, in these messages, workers in all kinds of businesses were invited to talk to their peers about salary and benefits issues, including phrases such as “Are you being underpaid?”
Some of these messages were shared on the r/Antiwork subreddit, described as “a community for those who want to end the institution of work and exchange ideas with other users interested in leading a life free of these kinds of obligations.”
Apparently, the hackers’ goal was to encourage workers to form unions: “You have the legal right to discuss your pay with your co-workers. How a McDonald’s in Denmark can pay the equivalent of $22 an hour and still sell a Big Mac for less than in the U.S. The answer is unions” The attacks appear to be aimed only at printers in the U.S., primarily in Maine.
Little is known about the hackers behind this campaign, although multiple theories have appeared about it. Some users believe that the subreddit linked to these messages is related to a hacktivism group similar to Anonymous, while others believe that it is just a joke that grew thanks to its exposure on the Internet.
What is confirmed is that the attack is a sample of how vulnerable these types of devices are; According to cybersecurity specialist Andrew Morris, the attackers were able to print these messages thanks to the erroneous security settings on the devices. Using the Shodan tool, it is possible to find thousands of printers and other Internet of Things (IoT) devices within reach of any attacker.
Other similar campaigns have been detected previously; for example, a couple of years ago a threat actor managed to compromise thousands of printers to share a message in support of PewDiePie, YouTube’s most famous content creator.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.