It wasn’t clear from the article but I assumed they were filtering for the attack specifically.

Since Telnet is totally plain text that would absolutely be easy to do right?

Mixtape 21 hours ago | parent | next [-]

Wouldn't that imply that >80% of all monitored telnet sessions were exploit attempts for the specific CVE in question? Even with the scale of modern botnets, that seems unrealistic for a single vuln that was undisclosed at the time.

	▲	MBCook 18 hours ago \| parent [-]
		I have a hard time thinking it’s popular enough these days that attacks, attempts at attacks, or just command and control couldn’t be the main use.

▲

wbl 21 hours ago | parent | prev [-]

Not at interconnect speeds