“We don’t usually see commercial networks hacking into servers,” said Peter Beardmore, RSA’s senior consultant for threat intelligence marketing.
Terracotta also stands out because it keeps adding new IP addresses, and not publishing the data, he added. This is one of the things that makes it popular with cybercriminals.
“Most commercial VPN services publish their IP addresses,” Beardmore said. “And enterprises and governments can restrict access from those IP addresses.”