An attacker had been quietly mapping their internal network for 11 days.
By 2:30 AM, the compromised print server was isolated, and the ZMM220 was no longer accessible via telnet. The attacker’s session had terminated when the password changed.
The update to the ZMM220’s default Telnet password marks a positive step toward a more secure industrial IoT ecosystem. No longer can an attacker simply try zmm220 versus root to compromise thousands of devices. However, the sticker password is still a , not a permanent solution.